Windows bypassing Hosts

I have received several emails from users concerned that Windows is bypassing the Hosts file.

It is true that Windows allows some Microsoft sites even if they are blocked in the Hosts file.
After some internet research and forensics on my own computer I have found a list of hostnames
hard coded into the dnsapi.dll in the System32 directory.

On my computer these hostnames are:

www.msdn.com
msdn.com
www.msn.com
msn.com
go.microsoft.com
msdn.microsoft.com
support.microsoft.com
www.microsoft.com
microsoft.com
update.microsoft.com
download.microsoft.com
microsoftupdate.com
windowsupdate.microsoft.com
* office.microsoft.com
* microsoftupdate.microsoft.com
* wustats.microsoft.com
* windowsupdate.com

The starred hostnames are still blocked if in the Hosts file.

All other hostnames being blocked in my Hosts file that I tested were still being blocked.

Personally I do not see this as a major concern just yet as only a few Microsoft sites bypass
the Hosts.

Subscribe
Notify of
guest
5 Comments
Oldest
Newest
Inline Feedbacks
View all comments
Alan
Alan
2 years ago

Can the dnsapi.dll be patched, i.e the strings removed?

Alan
Alan
2 years ago
Reply to  rediSoft

Yeah i thought as much. Thanks

Nightwalker
Nightwalker
2 years ago

I’m pretty unhappy about the way microsoft did this, very sneaky.
I guess they did it to track illegal copies of Windows?