Is this tool really needed to be DL and used with the monthly updates? I mean with a good security set up why is this needed? does anyone un tick it?
Personally I never download and install it. I think it is part of windows defender which is deactivated on my machine anyway.
It's another set of eyes and it's free. You don't have to download it with monthly updates, just uncheck it.
It also provides Microsoft telemetry data on how well its security products are protecting its users.
Malicious Software Removel Tool has been around for years. I ran it every month even when it wasn´t distributed via Microsoft Update. In my case, it has never caused any problem, and never reported the presence of malware.
It removed something that was a false positive and with no quarantine there was nothing i could do about it. Avoided it since then.
AFAIK when it downloads it only runs a quick scan. You would have to click on the MRT.exe and run that to do a full system scan which can take a while. It also I believe shows a list of what malware it checks , but as trott3r mentioned I don't see a way if it does find anything to be able to quarantine . Not good if it removes something that is a false positive without recovery capability.
I've never been using it since... since... well, I can't remember the last time I've ever used it. =V In all seriousness though, it created an executable in a non-system partition. That's why I stopped updating and running it.
Does it still do this, automatically remove stuff that it considers "malware" without asking? I'm mainly asking because I might start using Windows 10 soon and not installing specific updates like MSRT is a bit harder there (although still possible for now with wushowhide).
Yes it does. There is an infection report that you can look at to see what it removed. It comes with a set of return codes that indicates if it was successful or not. The MSRT infection report contains scan and/or removal information as well as device info and IP address. The Tool writes details about the result of its execution in the %windir%\debug\mrt.log log file. If Windows Update is turned off, MSRT will not be offered so nothing gets sent to Microsoft. You can turn off the MSRT infection report. If this registry key value is set, the tool will not report infection information back to Microsoft. Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT Entry name: \DontReportInfectionInformation Type: REG_DWORD Value data: 1
If you manually download the MSRT (rather than having it run through Windows Update), you can run it from a command prompt with a /N parameter, which is supposed to find/list problems, without removing anything.
With respect to telemetry and in addition to what emmjay posted, see this article from Martin Brinkmann and comments there: http://www.ghacks.net/2016/10/20/di...us-software-removal-tool-heartbeat-telemetry/
It detects only about 150 families from 2005 to 2016. Even the lamest AV scanner detects more, so why would anyone bother scanning with this is beyond me?! https://support.microsoft.com/en-us/kb/890830
Because every month, there is an emphasis on prevalent threats, as shown in the last 6 months: https://www.wilderssecurity.com/thr...unsolicited-ads-through-dns-hijacking.390628/ https://www.wilderssecurity.com/thr...owhere-to-hide-in-this-months-release.389796/ https://www.wilderssecurity.com/thr...ing-more-unwanted-software-detections.389173/ https://www.wilderssecurity.com/threads/msrt-september-2016-release-feature-prifou.388580/ https://www.wilderssecurity.com/threads/msrt-august-2016-release-adds-neobar-detection.387756/ https://www.wilderssecurity.com/threads/msrt-july-2016-cerber-ransomware.387089/ And, it's quick, without needing installation. Just one more tool in your arsenal.