MS System Sweeper! Is this a new tool?

Sorry if it's already been discussed!
http://www.majorgeeks.com/Microsoft_Standalone_System_Sweeper_d6993.html

 

-http://www.softpedia.com/progScreenshots/Microsoft-Standalone-System-Sweeper-Screenshot-188854.html

It will allow you to create a rescue disk/usb. I must say I welcome this!

It will download a small file and then you'll need an Internet connection to download the needed files. If you make use of an USB, then next time, it will update the malware definitions. (As shown in the images at Softpedia.)

It's still in beta.

 

Official site: http://connect.microsoft.com/systemsweeper
Review: http://www.ghacks.net/2011/05/30/microsoft-standalone-system-sweeper/

I think it's similar to Norton Bootable Recovery Tool, except that you don't need a license.

 

Same as the tool included with the Microsoft Diagnostics and Recovery Toolset (MSDaRT).

 

It would be interesting to know what the scan options are and how long scanning takes. I've only used the Norton Bootable Recovery Tool once. It did the job of removing the malware, but it only does a full scan and it took a long time - not the best tool in the field where time is a factor.

 

MSDaRT has been very handy.

 

Is MSDaRT free?

 

This is much better than NBRT. Along with being free, it's standalone and leaves little traces. The signatures are downloaded right after execution, and before burning the files onto a removable media.
It also uses Win PE 3, which detect my RAID with no problems. You can choose which system partitions to scan. You can do a quick, full, or custom scan. There are options to configure, including exclusions, scan archives/emails, scan removable drives, and use heuristics.

Just finished a quick scan which took 9:27. Awesome tool to have.

 

No, it isn't.

 

I just ran across it on a tech blog and looked for it here. How effective is it?

-http://securitygarden.blogspot.com/2011/06/setting-up-microsoft-standalone-system.html

-https://connect.microsoft.com/systemsweeper

-https://connect.microsoft.com/systemsweeper/content/content.aspx?ContentID=24894

-http://www.microsoft.com/security/portal/Definitions/ADL.aspx

 

Probably a bit better than MSE, due to malware being dormant. The interface looks very similar, and signatures are most likely identical. I'll try checking engine version later.

Client Version: 2.0.213.0
Engine Version: 1.1.6903.0
Antivirus definitions: 1.105.2325.0
Antispyware definitions: 1.105.2325.0

 

Actually, the UI resembles the one from Windows Defender and not MSE. I wonder why not MSE, though... it's prettier.

 

Somehow I forgot about the new MSE interface.

 

I got one request to the vendors out there. If you release products please keep the names under 1 tag with a different extension in the job it does. I mean there are hundreds of thousands of rogue malware out there using names like XP aNTIVIRUS etc etc. I mean Ms sweeper sounds like something you would name a rogue.

 

My main questions would be:
1. will this automatically repair system settings after one of those rogue apps (e.g. broken .exes);
2. and will it replace infected system files?

Can do all this manually, but it'd be nice (as a Microsoft tool) that it might automatically scan and detect for the common changes that you see with fake AVs and Fake.HDD utils.

 

The program adds approximately 200 MB of files to the system partition.

 

Odd considering the system partition is only 100mb.

 

Yes true. I meant the partition where Windows is installed, which Microsoft calls the boot partition. Anyway, I wasn't sure if others were aware of this behavior. I believe the folder created is in \windows.

 

For me, it added "6725ded7b3a703427269dc840a80325f" folder to my larger data partition.

Has anyone seen it detect a file? What choices were given to the user?

 

Is that the folder containing roughly 200 MB?

 

It's currently empty. I found the other folder, and it's 1.07 GB , because of old definitions. Is it safe to delete it?

 

I did, with no ill effects. Can you report the exact folder location, for the benefit of others reading this who might want to delete it?

 

C:\Windows\Standalone System Sweeper and E:\6725ded7b3a703427269dc840a80325f (D: is my DVD drive).

Will add the custom rule on CCleaner.

 

They have released a new version, now named Windows Defender Offline, and it looks exactly like MSE v4 beta.

Images at Softpedia -http://www.softpedia.com/progScreenshots/Windows-Defender-Offline-Screenshot-202025.html

 

And MSE4 has restricted options as i read last days - due some complaints from
other antimalware authors Is same for "Windows Defender Offline"?

(anyway - WD is disabled here i use MBAM/ondemand)