Stop Microsoft's Malicious Software Removal Tool From Phoning Home

A while back quite the kerfuffle was made over Windows 10's somewhat ambitious telemetry features. If you're still keen to keep your computer locked down -- so to speak -- you might want to make sure Microsoft's Malicious Software Removal Tool also isn't sending data back to Redmond.

gHacks' Martin Brinkmann decided to investigate after discovering the tool retains a log file of its activities on the main operating system drive. If you want to see if you're affected, the easiest way is to check if this log exists.

You'll find it located in the following directory (where "X" is your OS drive): X:\Windows\debug. The file is called mrt.log.

Crack it open and search for the line "Successfully Submitted Heartbeat Report". If found, it means the tool is indeed sending data back to Microsoft when it performs a scan. For those feeling paranoid, yes, you can stop this from happening.

There are several ways of stopping or disabling the heartbeat. For example, you can just block it via Windows Firewall, but more precise options exist if you don't want to apply what's essentially a sledgehammer to the situation.

Brinkmann provides these instructions for switching it off via the Registry:

1. Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
2. Right-click on MRT and select New > Dword (32-bit) Value from the context menu.
3. Name the new Dword DontReportInfectionInformation.
4. Double-click the newly created Dword and set its value to 1.
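The log check and the Registry change described above, scripted in PowerShell as an added example (not code from gHacks or Microsoft). The -Apply switch and the variable names are this example's own; it assumes an elevated prompt and creates the MRT policy key if it does not already exist.

```powershell
# Added example: audit MRT heartbeat reporting and optionally disable it.
# Without -Apply the script only reports; with -Apply it writes the policy value.
param([switch]$Apply)

$logPath   = Join-Path $env:windir 'debug\mrt.log'
$marker    = 'Successfully Submitted Heartbeat Report'
$keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT'
$valueName = 'DontReportInfectionInformation'

# 1. Has the tool logged a heartbeat submission on this machine?
if (Test-Path -LiteralPath $logPath) {
    # Get-Content honours the file's byte-order mark, so the literal match
    # works regardless of the encoding the log was written in.
    $hits = @(Get-Content -LiteralPath $logPath |
              Select-String -SimpleMatch $marker)
    Write-Output "mrt.log: $($hits.Count) heartbeat submission(s) recorded"
    if ($hits.Count -gt 0) {
        Write-Output "Most recent entry: $($hits[-1].Line.Trim())"
    }
} else {
    Write-Output "mrt.log not found at $logPath"
}

# 2. What is the policy value set to right now?
$current = (Get-ItemProperty -LiteralPath $keyPath -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName
if ($null -eq $current) {
    Write-Output "$valueName is not set"
} else {
    Write-Output "$valueName = $current"
}

# 3. Write the DWORD only when asked to, and only if it is not already 1.
if ($Apply -and $current -ne 1) {
    if (-not (Test-Path -LiteralPath $keyPath)) {
        # Assumption: create the policy key when it is missing.
        New-Item -Path $keyPath -Force | Out-Null
    }
    New-ItemProperty -LiteralPath $keyPath -Name $valueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
    $check = (Get-ItemProperty -LiteralPath $keyPath -Name $valueName).$valueName
    Write-Output "$valueName now = $check"
}
```

Heartbeat lines already in mrt.log stay there after the change, so compare the log after the tool's next scan to confirm no new entries appear.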

He also goes on to provide another option that removes a command-line argument from the tool's scheduled scan task. You can apply both changes to be sure, though one should be sufficient.

Disable Microsoft Windows Malicious Software Removal Tool Heartbeat Telemetry [gHacks]


    Might it not be worthwhile to say what info this Heartbeat Telemetry is sending before we kill it?

      According to gHacks: "Microsoft notes in its privacy statement that the Malicious Software Removal Tool will send a report to Microsoft with 'specific data about malware detected, errors, and other data about your device' but fails to go into details. We don't know what is sent to Microsoft as part of Heartbeat other than the information that Microsoft revealed in its privacy statement."

      It'd be good to know what it sends back before everyone blocks it.
