Up until Windows 7, a user was freely allowed to edit the Windows Hosts file.
Starting Windows 8, Microsoft has introduced a new measure for stopping malware.
When changes are made to the hosts file, Windows Defender will scan and detect this change. The Hosts file is detected as a SettingsModifier:Win32/PossibleHostsFileHijack malware threat by Windows Defender, and the custom hosts file is replaced with Microsoft's default hosts file.
Default Windows Hosts File Path: C:\Windows\System32\drivers\etc
To overcome this issue, a user must add the hosts file to Windows Defender's exclusion list.
- Open Windows Defender.
- On the Settings tab, click Excluded files and locations.
- Under File locations, click Browse.
- Locate and then click the Hosts file.
- Click Add, and then click Save Changes.