heartbeat…

Topic

New Reply

[a]

a comment led me to look at the old 2016 Brinkmann stuff.

https://www.ghacks.net/2016/10/20/disable-microsoft-windows-malicious-software-removal-tool-heartbeat-telemetry/

mrt.log had a single entry from my yesterday(Nov1) update (before patch Tues).  I checked in task scheduler but no RemovalTools. So I put the line in the registry – there was no MRT folder so I created it and then added the suggested option. I have no idea where MRT is or if that will actually stop it – probably have to wait till next month to find out – just checking for updates does nothing before or after…

EDIT: there is a mrt.exe in system32 and also an empty MRT folder in system32. I suppose I could delete the mrt.exe … 🙂

• This topic was modified 5 years, 4 months ago by a.
• This topic was modified 5 years, 4 months ago by a.
• This topic was modified 5 years, 4 months ago by a.

Reply | Quote

Replies

Double clicking C:\Windows\System32\mrt.exe runs the tool via the GUI without sending the heartbeat.
Running MRT with the /Q /N switches sends the heartbeat.
Adding the registry key disables the heartbeat.
Every run adds a new entry in the C:\Windows\debug\mrt.log

Tested on my W8.1 box.

cheers, Paul

4 users thanked author for this post.

jburk07, Microfix, Kirsty, a

Reply | Quote

Hey, thanks! So that registry key does work!

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT\ DontReportInfectionInformation = 1

Apparently it only does it on an actual update –

“Microsoft Windows Malicious Software Removal Tool v5.76, October 2019 (build 5.76.16439.1)
Started On Fri Nov 1 23:56:41 2019

Engine: 1.1.16300.1
Signatures: 1.301.2099.0
MpGear: 1.1.16330.1
Run Mode: Scan Run From Windows Update

Results Summary:
—————-
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 1 23:58:40 2019 Return code: 0 (0x0)”

so I won’t see any difference until my next update before-patch-Tuesday.

Thanks!!!

1 user thanked author for this post.

jburk07

Reply | Quote

Having not used MRT for years (disabled) on our Win8.1 had/have absolutely no problems here on 3 Win8.1 devices, after all, we have anti-virus/malware checkers anyway.
As another OPTION you can disable MRT from downloading during patching.
To disable MRT from downloading, in regedit navigating to:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
then create the following DontOfferThroughWUAU =dword:00000001

If debian is good enough for NASA...

1 user thanked author for this post.

a

Reply | Quote

Hey @Microfix , thanks for looking in. Yeah I saw that when I was looking around, but just now added it at your suggestion. Thanks! Yeah, I run Bitdefender and it seems to catch stuff (that IE lets in 🙂  )(I Never use IE but recently had to test something) Used to run Avast and the like but they started having problems if I recall correctly.

Thanks!

Reply | Quote

As far as I can tell, MRT runs just once, when it is installed every month. It does not seem to do harm, also as far as I can tell, and it might even do some good, for all I know. Does anyone here knows otherwise? For as many years now as it has been around, I have been installing it along with the monthly patches. Because: why not? I don’t bother with its reports. My own AV does a good enough reporting job.

In other words: from my own perspective, installing the MRT monthly and letting it run is a total nonevent.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I have avoided the MSRT update in the past a couple times because I heard of issues ranging from minor to more serious, as Born notes back in 2017. https://borncity.com/win/2017/04/13/issued-with-update-kb890830-microsoft-removal-tool/

I have recently been updating the tool each month with the cumulative rollups. It hasn’t been a problem for me so I keep it in the queue of Important and let it ride. It also hasn’t interfered with my third party AV. If there are any issues people are having who also include it in their updating schedule, I will note it and avoid the update for the MSRT that month.

MacOS iPadOS and sometimes SOS

3 users thanked author for this post.

a, jburk07, Microfix

Reply | Quote