Prevent Malicious Software Removal Tool from phoning home - gHacks Tech News

Prevent Malicious Software Removal Tool from phoning home

The Microsoft Windows Malicious Software Removal Tool is a security program provided by Microsoft that scans computer systems for dozens of common malicious applications. This tool was never meant to replace an existing virus scanner but it offers a quick and easy way to scan and remove popular worms and viruses from a computer system.

It does not offer real-time protection of a system, and it is highly recommended that you run other antivirus software on your system in addition to it.

Advanced users won't rely on this software from Microsoft at all but I suppose it could be useful for inexperienced users or as an additional means of protection. There is however one "feature" that cannot be turned off by normal means. The Malicious Software Removal Tool reports back to a Microsoft server whenever it finishes a scan of the system.

The only way to turn off this option is to create a new Registry key. Open the Registry Editor first: click on Start, then Run, and type regedit in the box. Hit Enter and the Registry Editor should appear.

Tip: you can alternatively use Windows-R to bring up the runbox, type in regedit and tap on the enter key for the same effect.

Now navigate to the Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT and check if it contains a Dword named DontReportInfectionInformation.

If this is not the case you can add it. Right-click the right pane and select New > Dword from the menu. Enter the string DontReportInfectionInformation as the name of the Dword. Double-click it afterwards and set the value of it to 1.


This ensures that the Malicious Software Removal Tool will not report back to Microsoft whenever a scan of the PC finishes.
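
The same change can be scripted from an elevated PowerShell prompt. This is an added example, not code from the article: it reports the value under the article's key and under the two alternative locations readers mention in the comments, then writes the value to the article's key only. It does not verify that a given release of the tool honours the value.

```powershell
# Added example: audit and set the MSRT reporting policy value (run elevated).
$ValueName = 'DontReportInfectionInformation'

# First entry is the key named in the article; the other two are the
# locations readers report in the comments (Vista x64 and Windows 7 Pro).
$CandidatePaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\MRT',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\RemovalTools\MRT',
    'HKLM:\SOFTWARE\Policies\Microsoft\RemovalTools\MRT'
)

function Get-MrtReportingState {
    # One row per candidate key: does it exist, and what is the DWORD set to?
    foreach ($path in $CandidatePaths) {
        $exists = Test-Path -Path $path
        $value  = $null
        if ($exists) {
            $prop = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
            if ($prop) { $value = $prop.$ValueName }
        }
        [pscustomobject]@{
            Path       = $path
            KeyExists  = $exists
            Value      = $value
            Suppressed = ($value -eq 1)
        }
    }
}

function Set-MrtReportingOff {
    param([string]$Path = $CandidatePaths[0])
    # Create the key if it is missing, then write the DWORD with value 1.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    New-ItemProperty -Path $Path -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

Get-MrtReportingState | Format-Table -AutoSize   # state before the change
Set-MrtReportingOff
Get-MrtReportingState | Format-Table -AutoSize   # state after the change
```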

Update: The program is now a standalone application that is not installed anymore. Since this is the case, it does not add entries to the Windows Registry anymore. One option that you may have to prevent it from phoning home is to block its Internet connections using your firewall.

Just create a new rule in the firewall that blocks the tool from making any outbound connections. To do so, tap on the Windows key, type firewall and hit Enter. Select Outbound connections and click on "new rule" on the page that opens up.

Select Program under Rule Type, then the executable file of the Malicious Software Removal Tool in the next step, and in the next step "block the connection". Click next again, add a name for the rule and click finish to save the new firewall rule.
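
The firewall steps above can also be scripted and then verified. This is an added example, not part of the original article; the executable location (MRT.exe under System32) and the rule name are assumptions, so point `$MrtPath` at wherever your copy of the tool actually runs from, because a program rule only matches that exact path.

```powershell
# Added example: create and verify an outbound block rule for the tool (run elevated).
# Assumption: the executable is MRT.exe in System32; adjust if yours is elsewhere.
$MrtPath  = Join-Path $env:SystemRoot 'System32\MRT.exe'
$RuleName = 'Block MSRT outbound'   # hypothetical rule name

function Get-MrtBlockRule {
    # Enabled outbound block rules whose program filter resolves to $MrtPath.
    # Stored paths may contain %SystemRoot% etc., so expand before comparing.
    Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $program = ($_ | Get-NetFirewallApplicationFilter).Program
            [Environment]::ExpandEnvironmentVariables($program) -ieq $MrtPath
        }
}

function Add-MrtBlockRule {
    if (-not (Test-Path -LiteralPath $MrtPath)) {
        Write-Warning "$MrtPath not found; a program rule only matches this exact path."
        return
    }
    if (Get-MrtBlockRule) { return }   # already covered, do not add a duplicate
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Program $MrtPath `
        -Action Block -Profile Any | Out-Null
}

Add-MrtBlockRule
Get-MrtBlockRule | Select-Object DisplayName, Enabled, Direction, Action
```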


    Comments

    1. Jojo said on December 16, 2007 at 2:33 pm

      Why do I care if the tool reports back to MS? Too much paranoia methinks!

    2. Martin said on December 16, 2007 at 2:37 pm

      Because you don’t know what data the program sends to Microsoft? Because Microsoft did not include such an option in the program? Because you think it is your right to decide if you want to send a report to Microsoft?

    3. D3 said on December 16, 2007 at 7:05 pm

      MS is an evil corporation that wants your firstborn ….lol

    4. fsc said on December 17, 2007 at 9:45 am

      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
      does not exist in my registry… I know I installed the malicious software removal tool update. Could MRT be located elsewhere?

    5. D3 said on December 17, 2007 at 11:45 pm

      I know I install it every time and I don’t have it either. Doesn’t it remove itself after it finishes with its scan?

    6. Manitook said on January 6, 2008 at 8:08 pm

      Hmm I don’t have it on any of my computers either..
      XP tablet
      XP pro
      XP home
      I have the tool installed, last updated…
      Windows XP Windows Malicious Software Removal Tool – December 2007 (KB890830) Wednesday, December 12, 2007 Microsoft Update

      where did you find this at Martin?

    7. Brian said on January 10, 2008 at 3:58 am

      The tool runs once a month after download – usually on the 1st login after the 2nd Tuesday. However, it will sometimes corrupt Windows profiles if a login occurs before it is finished scanning.

      It does not get installed on the computer. It just runs and deletes itself. New versions are released monthly – if new virus signatures have been added. New releases are cumulative and contain all the signatures from previous versions.

      The program is JUNK and unneeded if you have a good anti-virus program. It caused us to disable Windows updates while we searched for why our users were losing their Outlook settings.

      More information: http://support.microsoft.com/?kbid=890830

      Download Information: http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en&displaylang=en

      From Microsoft KB890830:
      “A user may log on to a computer while the Windows Malicious Software Removal Tool is running in the background. (The tool may be running as part of a deployment that uses Windows Server Update Services.) In this case, Windows may inform the user that the current user profile is corrupted and that a new profile is being created. To resolve this issue, the new profile can be removed. The user can logon to the system again at a time when the tool is not running. This issue is most likely to occur on a Windows 2000-based computer.”

    8. Tom said on March 31, 2009 at 2:36 pm

      For those running Vista x64 this entry is in:
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\RemovalTools\MRT

      Hope this helps.

    9. Anonymous said on October 25, 2010 at 1:00 pm

      On a Windows 7 Pro System, the Registry Path is:
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\RemovalTools\MRT

    10. gggirlgeek said on December 23, 2010 at 6:52 am

      Thanks for the Win7 reg key. One less Phone-Home annoyance for me.

      1. geoffc said on February 25, 2012 at 2:28 am

        Thanks – Now we know why our profile was stuffed every month.

    11. gguy said on May 14, 2013 at 7:14 pm

      The Microsoft site says the entry name is

      \DontReportInfectionInformation

      Does the backslash have to be included to work? Does the entry work with or without the backslash? There are other entries in the registry that start with a backslash.

      1. Martin Brinkmann said on May 15, 2013 at 1:52 am

        I would use it exactly how Microsoft has written it down on their website. When in doubt, create two entries so that you have both options covered. Or, simply block the program in the firewall.
