• Telemetry from the Malicious Software Removal Tool

    Posted on October 19, 2016 at 15:31 CDT by Comment in the Forums

    This is disturbing. From reader CA:

    While performing a routine audit on one of my machines, I was surprised to discover that MSRT now sends a “Heartbeat Report” to MS on each run. This appears to be a new feature that was introduced with MSRT v5.39, August 2016 (build 5.39.12900.0).

    The MRT log can be found here:

    %windir%\debug\mrt.log

    As you know, MSRT executes an automatic scan after the monthly patch process completes. If you check the MRT log, you’ll note the change in the section “Results Summary” where beginning in August there is a new line that states:

    “Successfully Submitted Heartbeat Report”

    This occurs with CEIP disabled and with “DiagTrack” not present on the machines.

    The MS Privacy Statement is here:

    https://privacy.microsoft.com/en-us/privacystatement/

    In the section “Malicious Software Removal Tool” it states:

    “During a malware check, a report will be sent to Microsoft with specific data about malware detected, errors, and other data about your device.”

    I could not locate any specifics about “other data”. I did, however, locate a couple of relevant KB articles:

    Deployment of the Malicious Software Removal Tool in an enterprise environment
    https://support.microsoft.com/en-us/kb/891716

    How to troubleshoot an error when you run the MSRT
    https://support.microsoft.com/en-us/kb/891717

    Of particular note is KB 891716 which was last updated on 10/11/16 (v150). Toward the bottom of the document are instructions for a registry edit that disables the telemetry (supposedly).

    Subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT

    Entry name: \DontReportInfectionInformation
    Type: REG_DWORD
    Value data: 1

    While not in the same league as other telemetry metrics, I find this disturbing since two of my machines are supposedly secure and free of unwanted outbound data leaks. My last full audit of these machines was undertaken in July – guess it’s time for another.

    Yeah, I know, I’m wearing my tin-foil hat, but it appears MS is determined to inject telemetry into Win 7 using any means possible. I paid for my copies of Win 7 and didn’t agree to this crap upon purchase.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.