What does Defender action "Clean" mean?

[Buck]

Please help. Defender is telling us that our Hosts file is a possible Hijack
situation:

SettingsModifier:Win32/PossibleHostsFileHijack

Defender suggests the action "Clean". No idea what to do. Windows Help file
has no reference to an action named "Clean", there are no results when
searching for "clean" at the Defender forums at MS, and there is no mention
of an action named "Clean" anywhere in Defender documentation at MS. But
clicking on actions reveals only the following 4 choices: Clean, Ignore,
Remove, Quarantine

Resources File is listed as:
c:\windows\system32\drivers\etc\hosts

There is no other information listed on the Scan Results page.

What does "Clean" mean and is this a real threat?

 

[RonKa]

From info in the Announcements Section, this appears to be a False Positive.
I performed the CLEAN and now I am left with the choice to PERMIT or DENY the
ACTION. On the Review Changes to your computer settings line of WD it
states: "Permit changes only if you trust the program or the software
publisher. (And Importantly) Windows Defender can't undo changes you
permit."

Detected changes: Removed: 127.0.0.1 localhost

Therefore, I am not sure what to do first. Permit or Deny or update with
the WD fix (update) out today.

Question to those who understand the CLEAN function: Should I DENY the
change?

I just ran 'Norton IS' for 1h10 minutes and it did not find a problem.

Buck: I suggest that you hang tight and do not perform the CLEAN.

 

[RonKa]

Okay. I selected DENY and then ran a WinDef Scan and got the False Positive
again (I am glad I did not select PERMIT!). Then I got the WinUpdate notice
that there were 5 updates ready. I selected 4 and left the WinDef 1.53.228.0
unchecked. After the 4 other updates were installed, configured, and after
the Restart, I installed the WinDef Update .228.0 with an automatic Restore
Point (so is would have a separate RS from the other 4 updates, in case there
were problems with WinDef update). After a Scan, the .228.0 update removed
the False Positive inherent within 1.53.256.0.

The irony is I was having trouble accessing the Internet with similar
results stated in the False Positive Host error. Coincidence!

In the future, instead of jumping to click on CLEAN, I am going to click on
IGNORE or simply close WinDef (as I most often do not use it except to keep
it updated since I use Norton IS), check here first to get info, and then go
from there.

Lesson Learned: False Positives Happen with MS Windows Defender.

Thanks go to Tim who posted on the Announcements section of this Newsgroup
for spotting the False Positive.