Yesterday, someone wrote me an e-mail saying that his antivirus complains about the hosts file being infected.
The only script that touches the hosts file is block-telemetry.ps1, and it only uses Out-File with the append flag. My guess is that malware commonly patches the hosts file to prevent system or antivirus updates, and the antivirus now triggers when it detects that the hosts file has been altered in a similar fashion by the script. Therefore I'd count this as a false positive.
Let me know if anyone has additional information regarding this topic.
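For anyone who wants to check what such a script actually changes before deciding whether the antivirus warning is spurious, here is an added example of the same technique (Out-File -Append against the hosts file). It is not the project's block-telemetry.ps1: it appends entries idempotently, skips hostnames that are already present, and records a SHA-256 hash of the file before and after so the modification can be reviewed. The hostnames in $Domains are constructed for illustration; substitute whatever list you are actually blocking.

```powershell
# Added example, not the project's block-telemetry.ps1.
# Appends sink-hole entries to the hosts file with Out-File -Append,
# skipping entries already present, and reports a before/after hash.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Constructed placeholder hostnames; the real script has its own list.
$Domains = @(
    'example-telemetry.invalid',
    'example-stats.invalid'
)

function Add-HostsBlockEntries {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Hosts
    )

    $before = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    # Collect hostnames already in the file: drop comments, split on
    # whitespace, and take every field after the leading IP address.
    $existing = Get-Content -Path $Path |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ -ne '' } |
        ForEach-Object { ($_ -split '\s+') | Select-Object -Skip 1 }

    $new = @($Hosts | Where-Object { $existing -notcontains $_ })

    if ($new.Count -gt 0) {
        # Out-File -Append, as the post describes. -Encoding ascii matters:
        # Windows PowerShell's default (UTF-16) would corrupt a hosts file.
        $new | ForEach-Object { "0.0.0.0 $_" } |
            Out-File -FilePath $Path -Append -Encoding ascii
    }

    $after = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Added      = $new
        Skipped    = @($Hosts | Where-Object { $existing -contains $_ })
        HashBefore = $before
        HashAfter  = $after
        Changed    = ($before -ne $after)
    }
}

# Must run from an elevated prompt; only administrators can write the hosts file.
Add-HostsBlockEntries -Path $HostsPath -Hosts $Domains | Format-List
```

Running it a second time should report Changed = False with every hostname under Skipped, which is the easiest way to confirm that the only modification made to the file was the appended lines and that nothing else touched it.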