Disable or Uninstall Malicious Software Removal Tool on Windows Server KB890830 Automatic Maintenance
Turns out the Automatic Maintenance tasks are managed by C:\Windows\System32\MSchedExe.exe and the Scheduled Tasks under the \Microsoft\Windows\TaskScheduler folder. It then will run other tasks that are defined but don't have a specified trigger, one being the MRT_HB task under \Microsoft\Windows\RemovalTools\.
Here you can see it calling MRT.exe to run the scan, and the last run time matches the information from the Action Center:
If you disable this Scheduled Task it should prevent the Malicious Software Removal Tool from running. You also can delete the task and the MRT.exe program using the following in an elevated PowerShell prompt:
Unregister-ScheduledTask -TaskName 'MRT_HB' -TaskPath '\Microsoft\Windows\RemovalTools\' -Confirm:$false
Remove-Item 'C:\Windows\System32\MRT.exe' -Force
Note, however, that if you haven't disabled the KB890830 update in WSUS or via the registry it likely will be reinstalled, as MRT gets updated every patch Tuesday.
Related videos on Youtube
02 : 20
00 : 35
03 : 44
04 : 28
02 : 13
01 : 17
Greg Bray
Updated on September 18, 2022Comments
-
Greg Bray over 1 year
We have a script that declines KB890830 updates for our on-premise Windows Update Server, but we recently found someone approved one of the monthly updates before the script could run and the Malicious Software Removal Tool (MRT) was installed on all of our servers.
We've had issues with MRT in the past and want to remove it, but now the script has declined the update and we cannot find anything under the
View installed updatessection to remove it. We also tried runningwusa.exe /uninstall /KB:890830but it returned the error:The update KB890830 is not installed on this computer.
According to the
C:\Windows\debug\mrt.log,C:\Windows\System32\MRT.exeis being run daily during the "Automatic Maintenance" window defined in the Action Center section of the control panel. So it is definitely installed and being run daily.I tried using SysInternals AutoRuns and looking at the Scheduled Tasks but was not able to find where it was being started.
How can we disable or uninstall the Malicious Software Removal Tool on our Windows Servers to prevent it from running?
-
Gaelle almost 4 yearsI have the exact same problem as you, but I would only like to uninstall KB890830 on my SharePoint Server 2016. And of course, same as you, I do not see it in the Installed Updates. How could i uninstall and block this update (You already answered this last bit, but not the first, because you uninstall mrt completely) thank you !