In Windows 8, Microsoft has (rightly) decided that Windows Defender will prevent modifications from being made to the %WINDOWS%/System32/Drivers/etc/hosts file. This is an attempt to prevent trojans and/or malware from surreptitiously redirecting traffic on the machine to compromised websites.

That being said, there are still completely valid use cases for wanting to block all traffic to particular web addresses.

One way to get around this is to exclude the hosts file from protection in the Windows Defender configuration: http://www.howtogeek.com/122404/how-to-block-websites-in-windows-8s-hosts-file/

That is great and all, but the hosts file protection exists for a good reason and disabling protection altogether seems like a bit of overkill.

Given that Microsoft has made these changes in the way Windows 8 handles the hosts file, did they similarly provide a mechanism for achieving host blocking that doesn't compromise protection?

Ideally I would like something that doesn't involve turning on Windows Firewall (which I would prefer to keep off for other reasons) - although a method to do it through the firewall may be of interest for others who might read this question.

Also, the block should function deeper than browser level. i.e. saying 'just don't go to the website' or use firefox's 'adblock' add on would not be what I'm asking for.

1 Answer 1


Short answer: No.

If you want to achieve hosts-file type blocking, you have to use the hosts file, and you have to remove it from Windows Defender's protection.

  • hmm is there a way to 1) remove the file from protection, 2) make changes to it, 3) turn protection back on such that WD protects the 'changed' hosts file?
    – petpetpet
    Commented Dec 19, 2012 at 15:37
  • @petpetpet Doesn't it automatically work as you describe? I've never tried it, but that's how I would expect it to work...
    – David
    Commented Dec 19, 2012 at 16:04
  • @petpetpet - Try it
    – Ramhound
    Commented Dec 19, 2012 at 16:06
  • 1
    Yeah, was in the process of trying it. This appears to work. Therefore I would submit that the best way of modifying the hosts file in Windows 8 is: 1) Open Windows Defender->Settings and add the %WINDOWS%/System32/Drivers/etc/hosts file to the excluded files and locations list. 2) press save changes. 3) edit the hosts file (you'll need to run notepad as administrator to do this.) 4) Open Windows Defender->Settings again and remove hosts from the exclusion. I have tested a reboot after doing this and the change persisted.
    – petpetpet
    Commented Dec 19, 2012 at 16:37

