A while back quite the kerfuffle was made over Windows 10’s somewhat ambitious telemetry features. If you’re still keen to keep you computer locked down — so to speak — you might want to make sure Microsoft’s Malicious Software Removal Tool also isn’t sending data back to Redmond.
gHacks’ Martin Brinkmann decided to investigate after discovering the tool retains a log file of its activities on the main operating system drive. If you want to see if you’re affected, the easiest way is to check if this log exists.
You’ll find it located in the following directory (where “X” is your OS drive):
X:Windowsdebug. The file is called
Crack it open and search for the line “Successfully Submitted Heartbeat Report”. If found, it means the tool is indeed sending data back to Microsoft when it performs a scan. For those feeling paranoid, yes, you can stop this from happening.
There are several ways of stopping or disabling the heartbeat. For example, you can just block it via Windows Firewall, but more precise options exist if you don’t want to apply what’s essentially a sledgehammer to the situation.
Brinkmann provides these instructions for switching if off via the Registry:
Navigate to the key: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftMRT
Right-click on MRT and select New > Dword (32-bit) Value from the context menu.
Name the name Dword DontReportInfectionInformation
Double-click the newly created Dword and set its value to 1.
He also goes on to provide another option that removes a command-line argument from the tool’s scheduled scan task. You can apply both changes to be sure, though one should be sufficient.