Can you explain more about why you are blocking these domains, and whether you see activity from these domains? Are you using Google Analytics i.e. do you have the tags on your pages?

In other words, what are you trying to prevent from happening?

Q: How is this behaviour going to go down in corporate environments where there may be many deliberate entries in the hosts file?

In my experience, Defender doesn't seem annoyed by entries in the host files, it seems annoyed by entries it doesn't recognize pointing to localhost in the host files.

And yes, I've noticed it, albeit not for the same reasons. But pointing to localhost seems to be a trait of evil spyware which uses local web proxies to redirect traffic.

[edited by: bakedjake at 6:43 pm (utc) on Mar. 17, 2009]

Simple - I don't want Google Analytics to track my web usage

This is primarily because I don't want my surfing on my own sites to distort my stats - I'm often on the move so my ip address changes a lot...

but I don't mind the side-effect that my surfing on all sites is off the GA radar.

it seems annoyed by entries it doesn't recognize pointing to localhost in the host files.

OK, to block GA and keep Defender happy where should I point the entries?

A non-routable address like 192.168.x.y?

One of my own sites - perhaps with a blank ga.js file in place?

A non-resolving address such as foo.example.com?

I believe the problem was solved last week with a signature update.

Did you try ignoring the warning and downloading the new signature update manually via Windows Update?