Stop Microsoft’s Malicious Software Removal Tool From Phoning Home

A while back quite the kerfuffle was made over Windows 10’s somewhat ambitious telemetry features. If you’re still keen to keep you computer locked down — so to speak — you might want to make sure Microsoft’s Malicious Software Removal Tool also isn’t sending data back to Redmond.

gHacks’ Martin Brinkmann decided to investigate after discovering the tool retains a log file of its activities on the main operating system drive. If you want to see if you’re affected, the easiest way is to check if this log exists.

You’ll find it located in the following directory (where “X” is your OS drive): X:Windowsdebug. The file is called mrt.log.

Crack it open and search for the line “Successfully Submitted Heartbeat Report”. If found, it means the tool is indeed sending data back to Microsoft when it performs a scan. For those feeling paranoid, yes, you can stop this from happening.

There are several ways of stopping or disabling the heartbeat. For example, you can just block it via Windows Firewall, but more precise options exist if you don’t want to apply what’s essentially a sledgehammer to the situation.

Brinkmann provides these instructions for switching if off via the Registry:

Navigate to the key: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftMRT
Right-click on MRT and select New > Dword (32-bit) Value from the context menu.
Name the name Dword DontReportInfectionInformation
Double-click the newly created Dword and set its value to 1.

He also goes on to provide another option that removes a command-line argument from the tool’s scheduled scan task. You can apply both changes to be sure, though one should be sufficient.

Disable Microsoft Windows Malicious Software Removal Tool Heartbeat Telemetry [gHacks]

The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.


One response to “Stop Microsoft’s Malicious Software Removal Tool From Phoning Home”