{"id":4553,"date":"2016-11-09T15:18:10","date_gmt":"2016-11-09T09:48:10","guid":{"rendered":"http:\/\/198.58.113.91\/blog\/?p=4553"},"modified":"2019-05-12T02:53:07","modified_gmt":"2019-05-12T02:53:07","slug":"scan-using-malicious-software-removal-tool-msrt-mss","status":"publish","type":"post","link":"https:\/\/www.winhelponline.com\/blog\/scan-using-malicious-software-removal-tool-msrt-mss\/","title":{"rendered":"Scanning your PC using Malicious Software Removal Tool (MSRT) and Microsoft Safety Scanner"},"content":{"rendered":"<p>Microsoft Malicious Software Removal Tool (MSRT) is a post-infection removal tool which is updated every month and rolled out through the Windows Update channel. Malicious software scanning runs as you install MSRT from Windows Update. You can also initiate scans manually whenever needed by running mrt.exe in the Windows\\System32 directory.<!--more--><\/p>\n<h2>What is MSRT and how does it differ from my AV program?<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/11\/msrt-defender.png\" alt=\"msrt vs defender\" width=\"70\" height=\"40\" class=\"alignright size-full wp-image-4562\" \/><\/p>\n<p>MSRT is a tool to remove infections from the computer. But it doesn&#8217;t monitor your system in real time. Also, it scans only for specific, prevalent malicious software, which amounts to a small subset of all the malicious software that exists today, whereas the definitions used by your antivirus product are vast &#8212; containing signatures for all or most of the malware ever released.<\/p>\n<p>MSRT, as a secondary scanner, is useful in finding and removing viruses, worms, and Trojans. 
It doesn&#8217;t detect spyware, nor does it replace your primary antivirus program&#8217;s real-time protection.<\/p>\n<p>The MMPC blog announced that out of the 500 million devices scanned every month, the MSRT identified and removed malicious programs from 1 to 2 million machines, even on those devices running antivirus software. The effectiveness of MSRT as a secondary scanner led Microsoft to include the &#8220;<a href=\"https:\/\/www.winhelponline.com\/blog\/windows-defender-running-alongside-antivirus-program-limited-periodic-scanning\/\">Windows Defender &#8211; Limited Periodic Scanning<\/a>&#8221; feature in Windows 10.<\/p>\n<p>Practically speaking, if your original antivirus software is always kept updated and its real-time protection is working fine, MSRT won&#8217;t find anything in the vast majority of cases.<\/p>\n<p>MSRT runs on Windows 10, Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista, and Windows Server 2008 systems. Microsoft releases an updated version of MSRT on the second Tuesday of each month.<\/p>\n<p>So, from Windows 10&#8217;s perspective, if you&#8217;re using a third-party antivirus solution in Windows 10, Limited Periodic Scanning (when turned on) provides an additional layer of defense. MSRT adds a third layer of defense, but its automatic scans occur once a month, when Microsoft pushes the latest version of MSRT via Windows Update. And, with <a href=\"https:\/\/www.winhelponline.com\/blog\/windows-defender-offline-scan-added-anniversary-update-windows-10\/\">Windows Defender Offline<\/a> integrated into Windows 10, the Operating System is fortified to a greater level.<\/p>\n<h2>Running a scan using MSRT<\/h2>\n<p>Press WinKey + R to launch the Run dialog. 
Type <strong>mrt.exe<\/strong> and hit ENTER.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/11\/mrt-1.png\" alt=\"run a scan using msrt\" width=\"520\" height=\"465\" class=\"alignnone size-full wp-image-4554\" \/><\/p>\n<p>If the version of MRT.exe in your system is older than 60 days, taking the current system date\/time into account, MSRT suggests you <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/malicious-software-removal-tool-details.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">download the latest version<\/a> of the tool.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/11\/mrt-6.png\" alt=\"run a scan using msrt\" width=\"365\" height=\"155\" class=\"alignnone size-full wp-image-4559\" \/><\/p>\n<p>In the &#8220;Welcome to the Microsoft Malicious Software Removal Tool&#8221; screen, there is a link to view the list of malicious software this tool removes. Click the link if you want to see the list. Selecting an item in the list box opens the corresponding virus information page at the Microsoft site.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/11\/mrt-2.png\" alt=\"run a scan using msrt\" width=\"524\" height=\"572\" class=\"alignnone size-full wp-image-4555\" \/><\/p>\n<p>It&#8217;s worth noting that most of the malicious software listed there is categorized as alert level &#8220;Severe&#8221; or &#8220;High&#8221;.<\/p>\n<p>Click Next to proceed.<\/p>\n<p>Choose a type of scan: Quick scan, Full scan or a Customized scan. Customized scan is used to scan a specific folder <strong>in addition to<\/strong> Quick scan. 
A full scan took an extremely long time to complete on my production system.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/11\/mrt-3.png\" alt=\"run a scan using msrt\" width=\"520\" height=\"465\" class=\"alignnone size-full wp-image-4556\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/11\/mrt-4.png\" alt=\"run a scan using msrt\" width=\"520\" height=\"465\" class=\"alignnone size-full wp-image-4557\" \/><\/p>\n<p>Microsoft&#8217;s <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/890830\" target=\"_blank\" rel=\"noopener noreferrer\">documentation<\/a> says &#8220;The tool cannot remove malicious software that is not running.&#8221; It&#8217;s unclear if the statement applies even if one performs a full scan.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/11\/mrt-5.png\" alt=\"run a scan using msrt\" width=\"520\" height=\"465\" class=\"alignnone size-full wp-image-4558\" \/><\/p>\n<p>Once the scan completes, it shows you the results immediately. The results are also logged to the file &#8220;C:\\Windows\\Debug\\mrt.log&#8221;. 
After each scan, MSRT records the following info to the log file.<\/p>\n<pre><code>Microsoft Windows Malicious Software Removal Tool v5.42, November 2016 (build 5.42.13202.0)\r\nStarted On Wed Nov 09 10:18:52 2016\r\nEngine: 1.1.13202.0\r\nSignatures: 1.231.682.0\r\nRun Mode: Interactive Graphical Mode\r\nSuccessfully Submitted Heartbeat Report\r\nMicrosoft Windows Malicious Software Removal Tool Finished On Wed Nov 09 11:19:58 2016\r\nReturn code: 0 (0x0)<\/code><\/pre>\n<p>&#8220;Run Mode&#8221; would say &#8220;Scan Run From Windows Update&#8221; if the scan was initiated automatically from Windows Update.<\/p>\n<p>MSRT supports these command-line arguments:<\/p>\n<pre><code>\/Q or \/quiet - quiet mode; if set, no UI is shown\r\n\/? or \/help - displays usage information\r\n\/N - detect-only mode\r\n\/F - force full scan\r\n\/F:Y - same as above, but automatically clean infected files.\r\n<\/code><\/pre>\n<p>Scans initiated from Windows Update run in quiet mode by default. But, if MSRT finds malicious software, it sends a balloon or toast notification suggesting the user run a full scan.<\/p>\n<h2>Disable MSRT from sending Telemetry Report to Microsoft<\/h2>\n<p><a href=\"https:\/\/www.askwoody.com\/2016\/telemetry-from-the-malicious-software-removal-tool\/\" target=\"_blank\" rel=\"noopener noreferrer\">Woody Leonhard<\/a> also found out that, as of August 2016, MSRT submits a HeartBeat or Telemetry report to Microsoft &#8212; as seen in the mrt.log which contains the line &#8220;Successfully Submitted Heartbeat Report&#8221;. 
Microsoft, however, provides a registry method in the article <a target=\"_blank\" href=\"https:\/\/support.microsoft.com\/en-us\/kb\/891716\" rel=\"noopener noreferrer\">Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment<\/a> to stop MSRT from reporting the infection to Microsoft.<\/p>\n<h4><em>How can I disable the infection-reporting component of the tool so that the report is not sent back to Microsoft?<\/em><\/h4>\n<p>An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers. If this registry key value is set, the tool will not report infection information back to Microsoft.<\/p>\n<p>Start the Registry Editor (regedit.exe), and go to the following key:<\/p>\n<pre>HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MRT<\/pre>\n<p>Create a DWORD value named &#8220;DontReportInfectionInformation&#8221;, and set its value data to 1.<\/p>\n<p>For detailed information on MSRT, check out the Microsoft article: <a href=\"https:\/\/support.microsoft.com\/en-us\/kb\/890830\" target=\"_blank\" rel=\"noopener noreferrer\">MSRT helps remove specific, prevalent malicious software from computers<\/a>.<\/p>\n<p>Also see the recent MMPC blog post: <a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2016\/11\/08\/msrt-november-2016-unwanted-software-has-nowhere-to-hide-in-this-months-release\/\" target=\"_blank\" rel=\"noopener noreferrer\">MSRT November 2016: Unwanted software has nowhere to hide in this month&#8217;s release<\/a>. MSRT can now (Nov 2016 update) remediate systems infected by <a href=\"https:\/\/www.microsoft.com\/security\/portal\/threat\/encyclopedia\/Entry.aspx?Name=BrowserModifier%3aWin32%2fSoctuseer\" target=\"_blank\" rel=\"noopener noreferrer\">Soctuseer<\/a> malware. 
Since September 2016, Soctuseer has infected 1.2 million systems.<\/p>\n<h2>Microsoft Safety Scanner<\/h2>\n<p>Microsoft has another standalone virus and malware scanner, named <a href=\"https:\/\/www.microsoft.com\/security\/scanner\/en-us\/default.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Safety Scanner<\/a> (free). MSS has an interface that&#8217;s similar to MSRT, but it&#8217;s more comprehensive than MSRT. The standalone tool is bigger in size, and it can scan and remove viruses, spyware, and other malicious software.<\/p>\n<p>Even though MSS uses the same set of virus and malware definitions used by Microsoft Security Essentials and Windows Defender, MSS expires 10 days after you download it and you can&#8217;t delta update the definitions as it&#8217;s a single executable. To rerun a scan with the latest anti-malware definitions, you&#8217;ll need to download and run the Microsoft Safety Scanner again. It logs the scan results to the file &#8220;C:\\Windows\\Debug\\msert.log&#8221;.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2016\/11\/mss-1.png\" alt=\"microsoft safety scanner\" width=\"520\" height=\"475\" class=\"alignnone size-full wp-image-4563\" \/><\/p>\n<p>The system requirements page of MSS states Windows 7 is required, but it runs just fine on Windows 10 as well.<\/p>\n<h2>So, which scanner should I use?<\/h2>\n<p>If too many scanner options provided by Microsoft have left you baffled, note that MSRT is intended to be run silently and automatically via WU; whereas MSS is an on-demand scanner which the user needs to download whenever they need to run a thorough scan.<\/p>\n<p>Likewise, <a href=\"https:\/\/www.winhelponline.com\/blog\/windows-defender-offline-scan-added-anniversary-update-windows-10\/\">Windows Defender Offline<\/a> (WDO) is started on-demand by the user, or when Defender suggests you run an offline scan when it finds a deep-rooted malware 
infection in the system which can&#8217;t be removed when Windows is running. On the other hand, <a href=\"https:\/\/www.winhelponline.com\/blog\/windows-defender-running-alongside-antivirus-program-limited-periodic-scanning\/\">Limited Periodic Scanning<\/a> in Windows 10 requires no user intervention.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Malicious Software Removal Tool (MSRT) is a post-infection removal tool which is updated every month and rolled out through the Windows Update channel. Malicious software scanning runs as you install MSRT from Windows Update. You can also initiate scans manually whenever needed by running mrt.exe in the Windows\\System32 directory.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-4553","post","type-post","status-publish","format-standard","hentry","category-utilities","category-windows"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts\/4553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/comments?post=4553"}],"version-history":[{"count":0,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts\/4553\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/media?parent=4553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/categories?post=4553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/tags?post=4553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}