Prevent Malicious Software Removal Tool from phoning home

Martin Brinkmann
Dec 16, 2007
Updated • Oct 13, 2015
Windows, Windows tips
|
13

The Microsoft Windows Malicious Software Removal Tool is a security program provided by Microsoft that scans computer systems for dozens of common malicious applications. This tool was never meant to replace an existing virus scanner but it offers a quick and easy way to scan and remove popular worms and viruses from a computer system.

It does not offer realtime protection of a system, and it is highly recommended that you run another antivirus software on your system in addition to it.

Advanced users won't rely on this software from Microsoft at all but I suppose it could be useful for inexperienced users or as an additional means of protection. There is however one "feature" that cannot be turned off by normal means. The Malicious Software Removal Tool reports back to a Microsoft server whenever it finishes a scan of the system.

The only way to turn off this option is to create a new Registry key. Open your Registry first, click on Start, Run and type registry in the box. Hit enter and the Registry should appear.

Tip: you can alternatively use Windows-R to bring up the runbox, type in regedit and tap on the enter key for the same effect.

Now navigate to the Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT and check if it contains a Dword named DontReportInfectionInformation.

If this is not the case you can add it. Right-click the right pane and select New > Dword from the menu. Enter the string DontReportInfectionInformation as the name of the Dword. Double-click it afterwards and set the value of it to 1.

Microsoft windows malicious software removal tool

This ensures that the Malicious Software Removal Tool will not report back to Microsoft whenever a scan of the PC finishes.

Update: The program is now a standalone application that is not installed anymore. Since this is the case, it does not add entries to the Windows Registry anymore. One option that you may have to prevent it from phoning home is to block its Internet connections using your firewall.

Just create a new rule in the firewall that blocks the tool from making any outbound connections. To do so tap on the Windows-key, type firewall and hit enter. Select Outbound connections and click on "new rule" on the page that opens up.

Select Program under Rule Type, then the executable file of the Malicious Software Removal Tool in the next step, and in the next step "block the connection". Click next again, add a name for the rule and click finish to save the new firewall rule.

Summary
Prevent Malicious Software Removal Tool from phoning home
Article Name
Prevent Malicious Software Removal Tool from phoning home
Description
The guide walks you through the steps of preventing Microsoft's Malicious Software Removal Tool from phoning home after scans complete.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. gguy said on May 14, 2013 at 7:14 pm
    Reply

    The microsoft site says the entry name is

    \DontReportInfectionInformation

    Does the backslash have to be included to work? Does the entry work with or without the backslash? There are other entries in the registry that start with a backslash.

    1. Martin Brinkmann said on May 15, 2013 at 1:52 am
      Reply

      I would use it exactly how Microsoft has written it down on their website. When in doubt, create two entries so that you have both options covered. Or, simply block the program in the firewall.

  2. gggirlgeek said on December 23, 2010 at 6:52 am
    Reply

    Thanks for the Win7 reg key. One less Phone-Home annoyance for me.

    1. geoffc said on February 25, 2012 at 2:28 am
      Reply

      Thanks – Now we know why our profile was stuffed every month.

  3. Anonymous said on October 25, 2010 at 1:00 pm
    Reply

    On a Windows 7 Pro System, the Registry Path is:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\RemovalTools\MRT

  4. Tom said on March 31, 2009 at 2:36 pm
    Reply

    For those running Vista x64 this entry is in:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\RemovalTools\MRT

    Hope this helps.

  5. Brian said on January 10, 2008 at 3:58 am
    Reply

    The tool runs once a month after download – usually the on 1st login after the 2nd Tuesday. However, it will sometimes corrupt Windows profiles if a login occurs before it is finished scanning.

    It does not get installed on the computer. It just runs and deletes itself. New versions are released monthly – if new virus signatures have been added. New releases are cumulative and contain all the signatures from previous versions.

    The program is JUNK and uneeded if you have a good anti-virus program. It caused us to disable Windows updates while we searched for why our users were losing their Outlook settings.

    More information: http://support.microsoft.com/?kbid=890830

    Download Information: http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en&displaylang=en

    From Microsft KB890830:
    “A user may log on to a computer while the Windows Malicious Software Removal Tool is running in the background. (The tool may be running as part of a deployment that uses Windows Server Update Services.) In this case, Windows may inform the user that the current user profile is corrupted and that a new profile is being created. To resolve this issue, the new profile can be removed. The user can logon to the system again at a time when the tool is not running. This issue is most likely to occur on a Windows 2000-based computer.”

  6. Manitook said on January 6, 2008 at 8:08 pm
    Reply

    Hmm I don’t have it on any of my computers either..
    XP tablet
    XP pro
    XP home
    I have the tool installed, last updated…
    Windows XP Windows Malicious Software Removal Tool – December 2007 (KB890830) Wednesday, December 12, 2007 Microsoft Update

    where did you find this at Martin?

  7. D3 said on December 17, 2007 at 11:45 pm
    Reply

    I know i install it every time and i don’t have it either. doesn’t it remove itself after it finishes with it’s scan?

  8. fsc said on December 17, 2007 at 9:45 am
    Reply

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
    does not exist in my registry…i know i installed the malicious software removal tool update. could MRT be located elsewhere?

  9. D3 said on December 16, 2007 at 7:05 pm
    Reply

    MS is an evil corporation that wants your firstborn ….lol

  10. Martin said on December 16, 2007 at 2:37 pm
    Reply

    Because you don’t know what data the program sends to Microsoft ? Because Microsoft did not include such an option in the program ? Because you think it is your right to decide if you want to send a report to Microsoft ?

  11. Jojo said on December 16, 2007 at 2:33 pm
    Reply

    Why do I care if the tool reports back to MS? Too much paranoia methinks!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.