Windows Defender detects hijack of Host File after Tailscale update

Hello,

I am using Tailscale on different machines to share my personal NAS with my family. 4 machines are running on Windows, therefore I rushed to update the client on the Windows machines as soon as I knew about the last security issue.

On the first machine, right after updating to 1.32.3, I couldn’t connect to the internet. It appears that this was coming from the host file as Windows Defender detected a possible hijack of the host file. I asked Windows Defender to “delete the threat” and everything came back to normal.

On the second machine, after updating to 1.32.3 I didn’t lose internet, but I got the same warning from Windows Defender of a possible host file hijack. I don’t want to “delete the threat” again because I am now wondering if by doing this, I wouldn’t be cancelling the security update of 1.32.3?

Is anyone experiencing the same issue? I am now stopping all updates on Windows machines until I can get an explanation of why this is happening…

I want to clarify that, of course, I downloaded the update from the official Tailscale website.

Thank you in advance.

Aymeric

The Tailscale client updates the hosts file to make MagicDNS work in more situations than it would otherwise. Windows Defender is mostly technically correct: it is rewriting the hosts file, but it is a stretch to call it a hijack of the hosts file. Windows Defender is probably unable to determine if it is a safe change or not. While I would not recommend having Windows Defender undo the changes, it will not cause any harm.

Regardless of the details above, if you have Windows Defender undo the hosts file changes, that will not affect the security update of 1.32.3. The security changes involve other parts of the Tailscale client unrelated to the hosts file.
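For readers who want to see what is actually in the hosts file before accepting or reverting the Defender remediation, here is an added example (not part of the thread and not Tailscale's code) that triages hosts entries by address range. It assumes entries written for MagicDNS point into Tailscale's node ranges, 100.64.0.0/10 and fd7a:115c:a1e0::/48; the sample file and hostnames are constructed.

```python
import ipaddress

# Assumption: Tailscale-written entries resolve into Tailscale's node ranges.
TAILSCALE_NETS = [
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("fd7a:115c:a1e0::/48"),
]

def classify_ip(raw):
    """Return a triage label for the address column of a hosts entry."""
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "null-route"        # 0.0.0.0 / :: blocklist-style entries
    if any(ip in net for net in TAILSCALE_NETS):
        return "tailscale-range"   # heuristic: range match, not proof of origin
    return "review"                # anything else deserves a manual look

def triage_hosts(text):
    """Parse hosts-file text into (line_no, ip, names, label) tuples."""
    entries = []
    for line_no, line in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        body = line.split("#", 1)[0].strip()   # strip full-line and inline comments
        if not body:
            continue
        fields = body.split()
        ip, names = fields[0], fields[1:]
        label = classify_ip(ip) if names else "invalid"  # address without a name
        entries.append((line_no, ip, names, label))
    return entries

def needs_review(text):
    """Entries that match neither local, null-route nor Tailscale ranges."""
    return [e for e in triage_hosts(text) if e[3] in ("review", "invalid")]

# Constructed sample hosts file (CRLF line endings, as on Windows).
SAMPLE = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "100.101.102.103 nas.example-tailnet.ts.net nas  # constructed entry\r\n"
    "fd7a:115c:a1e0::1 nas.example-tailnet.ts.net\r\n"
    "0.0.0.0         ads.example.com\r\n"
    "203.0.113.7     login.example.com\r\n"
)

if __name__ == "__main__":
    for entry in triage_hosts(SAMPLE):
        print(entry)
```

On a real machine, pass the contents of `C:\Windows\System32\drivers\etc\hosts` to `triage_hosts` instead of `SAMPLE`; only the `review` and `invalid` rows need a closer look.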

Thank you very much for your answer!

I am not using the MagicDNS feature so I will update on each Windows machine and then let Windows Defender undo the host file changes.

Best regards,

Aymeric