Telemetry from the Malicious Software Removal Tool

    Posted on October 19th, 2016 at 15:31 by woody

    This is disturbing. From reader CA:

    While performing a routine audit on one of my machines, I was surprised to discover that MSRT now sends a “Heartbeat Report” to MS on each run. This appears to be a new feature that was introduced with MSRT v5.39, August 2016 (build 5.39.12900.0).

    The MRT log can be found here:

    %windir%\debug\mrt.log

    As you know, MSRT executes an automatic scan after the monthly patch process completes. If you check the MRT log, you’ll note the change in the section “Results Summary” where beginning in August there is a new line that states:

    “Successfully Submitted Heartbeat Report”

    This occurs with CEIP disabled and with “DiagTrack” not present on the machines.

    The MS Privacy Statement is here:

    https://privacy.microsoft.com/en-us/privacystatement/

    In the section “Malicious Software Removal Tool” it states:

    “During a malware check, a report will be sent to Microsoft with specific data about malware detected, errors, and other data about your device.”

    I could not locate any specifics about “other data”. I did, however, locate a couple of relevant KB articles:

    Deployment of the Malicious Software Removal Tool in an enterprise environment
    https://support.microsoft.com/en-us/kb/891716

    How to troubleshoot an error when you run the MSRT
    https://support.microsoft.com/en-us/kb/891717

    Of particular note is KB 891716 which was last updated on 10/11/16 (v150). Toward the bottom of the document are instructions for a registry edit that disables the telemetry (supposedly).

    Subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT

    Entry name: \DontReportInfectionInformation
    Type: REG_DWORD
    Value data: 1

    While not in the same league as other telemetry metrics, I find this disturbing since two of my machines are supposedly secure and free of unwanted outbound data leaks. My last full audit of these machines was undertaken in July – guess it’s time for another.

    Yeah, I know, I’m wearing my tin-foil hat, but it appears MS is determined to inject telemetry into Win 7 using any means possible. I paid for my copies of Win 7 and didn’t agree to this crap upon purchase.
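
To repeat the reader's check on another machine, the script below is an added example (not part of the original post and not Microsoft's tooling). It reads the log and the policy value named above; the run-banner pattern and the fallback sample lines are assumptions, marked in the comments.

```powershell
# Added example: audit MSRT heartbeat telemetry on one machine.
$logPath   = Join-Path $env:windir 'debug\mrt.log'      # log location from the post
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT'    # subkey from the post
# Value name from the post, written without its leading backslash
# (assumption: the backslash there is a path separator, not part of the name).
$valueName = 'DontReportInfectionInformation'

function Get-MrtHeartbeatRun {
    param([string[]]$Lines)
    # Assumption: each run starts with a banner line containing "Removal Tool v<version>".
    # The most recent banner is remembered so every heartbeat line is tied to a run.
    $banner = '(no banner seen)'
    foreach ($line in $Lines) {
        if ($line -match 'Removal Tool v[\d.]+') {
            $banner = $line.Trim()
        } elseif ($line -match 'Successfully Submitted Heartbeat Report') {
            # New-Object keeps this usable on the PowerShell 2.0 that ships with Windows 7.
            New-Object PSObject -Property @{ Run = $banner; Evidence = $line.Trim() }
        }
    }
}

# 1. Is the opt-out policy value present and set to 1?
$policy = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
$optOut = ($null -ne $policy) -and ($policy.$valueName -eq 1)
"Policy ${valueName} = 1 : $optOut"

# 2. Which logged runs reported a heartbeat submission?
if (Test-Path -LiteralPath $logPath) {
    $lines = Get-Content -LiteralPath $logPath
} else {
    # Constructed sample, used only when the real log is absent.
    $lines = @(
        'Microsoft Windows Malicious Software Removal Tool v5.39, August 2016 (build 5.39.12900.0)',
        'Results Summary:',
        'Successfully Submitted Heartbeat Report'
    )
    "No log at $logPath; using constructed sample lines."
}
$hits = @(Get-MrtHeartbeatRun -Lines $lines)
"Runs with a heartbeat submission: $($hits.Count)"
$hits | Format-Table -AutoSize -Wrap
```

Run it again after the next monthly MSRT scan: a new heartbeat line for a run that took place with the policy value already set to 1 would show the registry edit is not suppressing the report.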