Should you run Windows Defender and the Malicious Software Removal Tool?

Martin Brinkmann
Oct 20, 2015
Security, Windows tips

Microsoft has created several security solutions in the past that are either available as standalone downloads or integrated in Windows directly.

The most common ones are Windows Defender, which Microsoft included in Windows Vista and successive versions of the Windows operating system, Microsoft Security Essentials, which is offered as a standalone version for versions of Windows prior to Windows 8, and the Malicious Software Removal Tool which is also available as a standalone version.

Windows Defender is a real-time antivirus solution that is active by default on systems running Windows 8 and newer. While some protection is better than none usually, it is fairly limited when it comes to protecting Windows from attacks and ranks low in independent antivirus tests.

The Malicious Software Removal Tool on the other hand has been designed specifically to remove malware from systems that are already infected (hence the name).

malicious software removal tool

One of the core differences between Windows Defender and the Malicious Software Removal Tool is therefore purpose. Windows Defender has been designed to block malicious code from being executed on the system to prevent infection of the system, while the Malicious Software Removal Tool's purpose is to remove infections on systems that are already infected.

Another difference is that Windows Defender runs all the time on the system like any other active antivirus solution while the Malicious Software Removal Tool only when the user activates it.

Last but not least, updates are released regularly for Windows Defender which update the definition database while updates for the Malicious Software Removal Tool are usually only released once a month on Microsoft's Patch Day (second Tuesday of each month).

So, do you need both?

windows defender

Microsoft's security solutions don't necessarily share information when it comes to the detection of threats. I asked Microsoft Support specifically about Windows Defender and MSRT and I was told that MSRT may support the removal of malicious software that Windows Defender cannot block.

I'm not sold on that 100% though considering that Windows Defender is listed as an option to detect and remove threats whenever a new MSRT update comes along.

While it is possible to list all the threats that Microsoft's Malicious Software Removal Tool supports, there seems to be no way to do the same for Windows Defender's definitions database.

It won't hurt obviously to run the Malicious Software Removal Tool once a month after it has been updated on Patch Day to make sure nothing slipped by.

Windows Defender was designed to deactivate automatically when another security solution is installed. That's where Microsoft's Software Removal Tool may come in handy as the installed security solution may not detect or remove all threats that Microsoft's tool supports.

Both programs are not providing the same level of protection that many third-party solutions offer due to their limited threat detection. While you may run them in addition to third-party security software, it is generally not recommended to run them exclusively on the system.

Now You: What's your experience in this regard?

Should you run Windows Defender and the Malicious Software Removal Tool?
Article Name
Should you run Windows Defender and the Malicious Software Removal Tool?
Should you run Windows Defender and the Malicious Software Removal Tool on Windows 8 or newer, and how do these security programs differ?

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Tom Hawack said on October 15, 2019 at 6:21 pm

    I don’t know how reliable ‘Windows Defender Firewall’, because here on Windows 7 with the OS’s firewall, some applications phone home although I’ve added an inbound and an outbound rule to block them. For instance, ‘EditPad’ Lite which attempts to connect to connect to and which fails to do so only because I block that connection with a DNSCrypt-proxy blacklist rule, and here what shows DNSCrypt-proxy query log : A REJECT 0ms quad9-dnscrypt-ip4-filter-pri

    quad9 is the DNS used with DNSCrypt-proxy. This means that Windows Firewall does not prevent an application added to its filters to connect to the Web, not always anyway.

    So I do hope Windows Defender Firewall does a better job.

    1. jan said on October 17, 2019 at 4:48 pm

      Hi Tom,
      You write:”I don’t know how reliable ‘Windows Defender Firewall….”.
      Let me tell you, based on my own experience, that firewall is really a POS (Piece Of Shit). It is really unreliable

  2. Stv said on October 15, 2019 at 7:38 pm

    Every software is able to write a firewall condition under windows i think, Windows Firewall is a trash

    The first software that i always install (when i need internet in vboxed windows) is Simple Wall.

    1. Cor said on October 15, 2019 at 9:22 pm

      I also really like his version of Chromium

      1. owl said on October 24, 2019 at 10:12 am
        I also, “Simple Wall” is a favorite. That’s enough.

        henrypp/chromium: Chromium builds with codecs | GitHub
        Chromium builds with codecs
        Download latest stable Chromium binaries (64-bit and 32-bit) |
        It is very interesting.
        And, “Notes” There are must-see value.

  3. ULBoom said on October 15, 2019 at 9:26 pm

    There’s an easy page for blocking/allowing programs to go out in the main firewall window, click on:
    Allow and App or feature through Windows Firewall.

    Otherwise, good overview of rules creation. I’ve never had a program sneak out if its rule is set up right.

    Yes, Windows defaults to letting most anything through as do other firewalls I’ve used. Probably preferrable to blocking everything except in critical security situations.

  4. B said on October 15, 2019 at 10:30 pm

    To quickly achieve the same end result as the steps above, I always install “OneClickFirewall” – less complex than anything like WFC, it just gives you a right click context menu on any exe for “Block internet access” and “Restore internet access”. Very handy!

    1. Rush said on October 16, 2019 at 7:42 pm

      @ B

      I downloaded the OCF program but I did not install it.

      Virus Total found one two red engines:

      Antiy-AVL – Trojan/Win32.Fuerboos


      MaxSecure – Trojan.Malware.7164915.susgen

  5. Paul(us) said on October 15, 2019 at 10:45 pm

    Nice article Ashwin.

    Sometimes I like to quit (disable the Internet connection temporarily) all internet connection than I use the free software program for windows Net disabler v.1. 0 ( Latest release ’17-02-21).

  6. Software tester 0101 said on October 15, 2019 at 11:23 pm

    Here is the easiest methode to block Windows programs from accessing the internet ; Application name is FAB (Firewall Application blocker) it is a Portable freeware , usage is just drag and drop the Application icon

  7. Ray said on October 16, 2019 at 12:29 am

    Thanks Ashwin. I always forget about the internals of Windows Firewall.

    Just set up some outbound rules to block some apps that shouldn’t have internet access. Thanks again!

  8. Dave said on October 16, 2019 at 4:17 am

    Ashwin, it doesn’t work.

    Try this. Install steam and login. Rules wil be automatically created to allow steam.

    Now log out and close steam. Change the firewall rules to block.

    Open steam again and login in.

    Go back to the firewall to find new allow rules created for it.

    Basically, anyone willing to pay microsoft to be added to a “trusted list” gets a free ticket past the windows firewall wether you want them to or not.

    Now go get Windows Firewall Control (I reccomend finding a pre MWB version) and install it and setup it up. Then turn on secure rules. Now repaet the steps with Steam and it will stay blocked.

  9. limonec said on October 16, 2019 at 5:45 am

    Fast, free and simple solution for the beginners and non-professional: Firewall App Blocker

    1. The Gobbler said on October 16, 2020 at 9:02 am

      Sordum’s Firewall App Blocker is great. Just right-click any exe file and it gets blocked in Windows Firewall, without going through all those steps. Also note, this feature is also in Sordum’s Easy Context Menu. All free.

  10. Parry Hotter said on October 16, 2019 at 3:47 pm

    The heck with all of that. Just use a superior and much easier to use front end for the built in firewall. Malwarebytes Windows Firewall Control is excellent.

  11. Petter said on October 16, 2019 at 6:29 pm

    I’ll just put this here: TinyWall

  12. Jafp said on December 17, 2019 at 7:40 pm

    What gets me most is that large number of windows processes is trying to get access to internet. Why? Windows DOES not need access to internet even to install it and can run without internet. The only possible exception being network management.
    Just another case of spyware?
    MS should be legislated to provide full description and reasons for those services demand for access as it is potentially abusing privacy.

    1. Hank said on October 16, 2020 at 9:08 am


      Your logic is sketchy and lacks reasonable facts. Perhaps you need to be legislated.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.