
Alerting - Malicious software removal tool



Posted

I would like to know if it's possible to configure alerting with MRT? We

would like to know when an infection is detected on a workstation in our

enterprise, is this possible?

Guest Leythos
Posted

In article <76EBC48A-3CAC-4210-852F-079C8AC9611B@microsoft.com>,

Jeepn@discussions.microsoft.com says...

> I would like to know if it's possible to configure alerting with MRT? We

> would like to know when an infection is detected on a workstation in our

> enterprise, is this possible?

 

Almost all managed AV products (Symantec Corporate Edition, Symantec End

Point Protection) come with an alert and reporting system.

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Posted

Thanks, but I am referring to Microsoft's Malicious Software Removal tool not

3rd party antivirus software.

Posted

On Tue, 25 Nov 2008 06:34:10 -0800, Jeepn <Jeepn@discussions.microsoft.com>

wrote:

>I would like to know if it's possible to configure alerting with MRT? We

>would like to know when an infection is detected on a workstation in our

>enterprise, is this possible?

 

Yes, if you don't mind parsing log files.

http://support.microsoft.com/kb/891716

Posted

Ya I'm that is what I'm trying to avoid

 

thanks

Posted

On Tue, 25 Nov 2008 10:51:01 -0800, Jeepn <Jeepn@discussions.microsoft.com>

wrote:

>

>"Geoff" wrote:

>> On Tue, 25 Nov 2008 06:34:10 -0800, Jeepn <Jeepn@discussions.microsoft.com>

>> wrote:

>> >I would like to know if it's possible to configure alerting with MRT? We

>> >would like to know when an infection is detected on a workstation in our

>> >enterprise, is this possible?

>>

>> Yes, if you don't mind parsing log files.

>> http://support.microsoft.com/kb/891716

>

>Ya I'm that is what I'm trying to avoid

>

>thanks

 

In that case the answer is No.

 

Unless you run it from a script and examine the return code and

conditionally mail or "net send" an alert from the script to the admin

accounts describing the machine and the return code, then take action

accordingly. As an admin you should be no stranger to this.

 

In any case, MRT can only be run on schedule or from a script.

 

Otherwise run mrt.exe /F:Y at intervals and forget about notifications. It

should not be your primary A-V tool anyway, there are much better tools out

there.

Posted

Thanks, It's definitely not our primary, our security team was just wanting

to be aware of it if something was detected on our network.

Guest Leythos
Posted

In article <AAB34DA4-BCE3-4295-9232-CF0AB26E5E82@microsoft.com>,

Jeepn@discussions.microsoft.com says...

> Thanks, but I am referring to Microsoft's Malicious Software Removal tool not

> 3rd party antivirus software.

 

The MSRT is useless as far as most security people are concerned, why

bother with it?

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

Posted

It's automatically updated with windows update and running so if it's running

anyway we want to know if it detects anything. We have many other tools we

use but we were wanting to know if this tool detected anything on our network

so we are aware of it. We don't want it removing stuff and we have no

knowledge of it.

Guest David H. Lipman
Posted

From: "Jeepn" <Jeepn@discussions.microsoft.com>

 

 

| Ya I'm that is what I'm trying to avoid

 

Geoff's suggestion was mine as well.

 

There is no way for the MRT to provide an enterprise alert notification. It wasn't

designed that way nor can it be implemented that way. It is purely an "On Demand" scanner

that is downloaded once per month and can be initiated by the user at will.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman
Posted

From: "Jeepn" <Jeepn@discussions.microsoft.com>

 

| Thanks, It's definitely not our primary, our security team was just wanting

| to be aware of it if something was detected on our network.

 

I don't blame them. However in an enterprise what MRT detects your AV solution should

already detect. The MRT is a limited On Demand scanner. That is the list of targeted

malware is small and is a subset to the majority of major AV solutions.

 

What is your Enterprise AV solution ?

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Posted

We use Symantec, thanks

Posted

this is closed, Thanks everyone for your help

Guest Richard Urban
Posted

The Microsoft Malicious Removal Tool is designed to remove a handful of

targeted malware and it does this quite well.

 

It is basically the MRT that got a handle on the Storm worm that was

plaguing us a while back. Within a week of the monthly release that

incorporated Storm detection over 500,000 computers were cleaned by the MRT

 

Most of the people didn't even know that their computers were infected.

 

Now, if I am in error here feel free to enlighten me.

 

--

 

Richard Urban

Microsoft MVP

Windows Desktop Experience

 

 

"Leythos" <spam999free@rrohio.com> wrote in message

news:MPG.23961e7a3a10bda989715@us.news.astraweb.com...

> In article <AAB34DA4-BCE3-4295-9232-CF0AB26E5E82@microsoft.com>,

> Jeepn@discussions.microsoft.com says...

>> Thanks, but I am referring to Microsoft's Malicious Software Removal tool not

>> 3rd party antivirus software.

>

> The MSRT is useless as far as most security people are concerned, why

> bother with it?

>

> --

> - Igitur qui desiderat pacem, praeparet bellum.

> - Calling an illegal alien an "undocumented worker" is like calling a

> drug dealer an "unlicensed pharmacist"

> spam999free@rrohio.com (remove 999 for proper email address)

Posted

On Tue, 25 Nov 2008 14:39:26 -0500, Leythos wrote:

> In article <AAB34DA4-BCE3-4295-9232-CF0AB26E5E82@microsoft.com>,

> Jeepn@discussions.microsoft.com says...

>> Thanks, but I am referring to Microsoft's Malicious Software Removal tool not

>> 3rd party antivirus software.

>

> The MSRT is useless as far as most security people are concerned, why

> bother with it?

 

Useless? You're obviously not a security person!

http://www.computerworld.com/action/articl...ce=rss_topic125

Posted

On Tue, 25 Nov 2008 12:44:02 -0800, Jeepn wrote:

> It's automatically updated with windows update and running so if it's running

> anyway we want to know if it detects anything. We have many other tools we

> use but we were wanting to know if this tool detected anything on our network

> so we are aware of it.

 

The MRT is an On Demand scanner.

It is offered via the Microsoft Windows Update site once per month and it

will do a simple scan of your PC at the time it is downloaded. However, it

is on your PC and can be executed, at will, whenever you like.

 

Click Start==>Run... then type (or copy/paste) "MRT.exe" (w/out quotation

marks) into the box, then click the 'OK' button.

> We don't want it removing stuff and we have no knowledge of it.

 

Follow the prompts and you'll see exactly which malware is targeted/removed.

Guest Jo-Anne
Posted

 

So...should one run the MRT on any schedule--besides the monthly update

scan--or wait for signs of infection?

 

Jo-Anne

Guest David H. Lipman
Posted

From: "Jo-Anne" <Jo-AnneATnowhere.com>

 

 

| So...should one run the MRT on any schedule--besides the monthly update

| scan--or wait for signs of infection?

 

| Jo-Anne

 

 

 

No need to run on a scheduled basis but you could run...

 

%windir%\system32\MRT.exe /f:y

 

Which will run a full scan and clean/remove anything found.

 

The following is the log file.

%windir%\Debug\mrt.log

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
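
Geoff's suggestion earlier in the thread (run MRT from a script, check the return code, alert conditionally) combined with the log path David gives above, as an added example that is not from any poster in the thread. It uses the `/Q` (quiet) and `/N` (detect-only) switches listed in KB891716 instead of `/F:Y`, writes to the Application event log rather than mail or "net send", and assumes exit code 0 means nothing was found; the event source name `MSRT-Alert` and the event IDs 1000/1001 are made up for the example.

```powershell
# Added example, not code from the thread.
# Runs MSRT unattended and records the result where a log collector can see it.
# Requires an elevated Windows PowerShell session (New-EventLog / Write-EventLog).

$ErrorActionPreference = 'Stop'

$mrtPath = Join-Path $env:windir 'System32\MRT.exe'
$logPath = Join-Path $env:windir 'Debug\mrt.log'    # log file named in the thread
$source  = 'MSRT-Alert'                             # hypothetical event source name

if (-not (Test-Path -LiteralPath $mrtPath)) {
    throw "MRT.exe not found at $mrtPath"
}

# Register the event source once so Write-EventLog can use it.
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName Application -Source $source
}

# /Q = quiet, /N = detect only (report, do not remove).
# Swap in '/F:Y' for the full scan-and-clean run described in the thread.
$proc = Start-Process -FilePath $mrtPath -ArgumentList '/Q', '/N' -Wait -PassThru
$code = $proc.ExitCode

# Attach the end of mrt.log so the alert carries the scan summary.
$tail = '(mrt.log not found)'
if (Test-Path -LiteralPath $logPath) {
    $tail = (Get-Content -LiteralPath $logPath -Tail 30) -join "`r`n"
}

$message = "MSRT on {0} finished with exit code {1}.`r`n`r`n{2}" -f $env:COMPUTERNAME, $code, $tail

if ($code -eq 0) {
    # Assumption: 0 means no infection found (see the return code table in KB891716).
    Write-EventLog -LogName Application -Source $source -EventId 1000 `
        -EntryType Information -Message $message
}
else {
    # Any other code (a detection or a scanner error) is worth a look.
    Write-EventLog -LogName Application -Source $source -EventId 1001 `
        -EntryType Warning -Message $message
}

# Pass the code on so Task Scheduler or a deployment tool also sees it.
exit $code
```

Run as a scheduled task on each workstation, this leaves one event per scan that an existing event-forwarding or log-collection setup can alert on.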

Guest Jo-Anne
Posted

Thank you, David! I'm not sure how to run the program the way you have it.

Would I need to type it in at the command prompt? What if I just

double-clicked on the MRT.exe file? Would it offer me the /f:y option? And

for the log file, would I type that in at the command prompt?

 

Jo-Anne

Guest Peter Foldes
Posted

Jo-Anne

 

What David did is to give you the shortcut(fast route) to get MRT to scan without your personal interference.

 

You can of course click on MRT.exe and then select the option (Quick, Full or Custom) scan

 

--

Peter

 

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

Posted

On Tue, 25 Nov 2008 22:32:53 -0600, "Jo-Anne" <Jo-AnneATnowhere.com> wrote:

 

>Thank you, David! I'm not sure how to run the program the way you have it.

>Would I need to type it in at the command prompt? What if I just

>double-clicked on the MRT.exe file? Would it offer me the /f:y option? And

>for the log file, would I type that in at the command prompt?

>

>Jo-Anne

 

Click on Start then Run... then type mrt.exe in the dialog box and it will

bring up a series of windows for executing different scans.

Guest Jo-Anne
Posted

Thank you, Peter!

 

Jo-Anne

Guest Jo-Anne
Posted

 

Thank you, Geoff!

 

Jo-Anne

Posted

"Jo-Anne" <Jo-AnneATnowhere.com> wrote in message

news:uQzeJA4TJHA.3952@TK2MSFTNGP06.phx.gbl...

> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

> news:%23f73iv2TJHA.3932@TK2MSFTNGP02.phx.gbl...

> Thank you, David! I'm not sure how to run the program the way you have it.

> Would I need to type it in at the command prompt? What if I just

> double-clicked on the MRT.exe file? Would it offer me the /f:y option? And

> for the log file, would I type that in at the command prompt?

>

> Jo-Anne

 

Hi Jo-Anne

 

As Geoff has told you "Click on Start then Run... then type mrt.exe in the

dialog box and it will bring up a series of windows for executing different

scans."

 

Similarly, if you click on Start, then run ... then type (or paste in)

%windir%\system32\MRT.exe /f:y you'll find that you get the same result!

 

Dave (BD)

 

--

Guest FromTheRafters
Posted

"Jo-Anne" <Jo-AnneATnowhere.com> wrote in message

news:uQzeJA4TJHA.3952@TK2MSFTNGP06.phx.gbl...

> Thank you, David! I'm not sure how to run the program the way you have it.

> Would I need to type it in at the command prompt?

 

The "run" box - actually "mrt /fy" should do it.

 

You could type "mrt /?" to see the "switches" available and what

they mean.

> What if I just double-clicked on the MRT.exe file? Would it offer me the

> /f:y option?

 

It prompts you for additional input, whereas David's suggestion answers its

prompts automatically.

> And for the log file, would I type that in at the command prompt?

 

The "run" box again.
