Microsoft provides two free tools that let you check whether enterprise desktops have been infected with malware. The Microsoft Malicious Software Removal Tool is an anti-malware application that runs in the background on Windows desktops set up for automatic updating.
The Microsoft Safety Scanner is an on-demand utility that you can download and run on an as-needed basis to check for malicious software. Although the tools are similar, there are important differences between them. Even so, both are easy to implement and use and can serve as a valuable part of an enterprise anti-malware strategy.
Malicious Software Removal Tool is automatic but not proactive
If the Automatic Update feature is enabled on your Windows desktops, those systems are most likely already running the Malicious Software Removal Tool (MSRT). Microsoft releases an updated version of the tool on "Patch Tuesday," the second Tuesday of each month, and it's part of the automatic updating process.
Once downloaded, MSRT scans the system for specific viruses, worms and Trojan horses. If malware is detected, the tool will delete it when possible and display a notification next time someone with administrative privileges logs on to the computer. At that point, further action might be required. Otherwise, MSRT runs in quiet mode in the background, and the user is generally unaware that it has been downloaded or is running, unless performance is affected.
MSRT will run on any Windows desktop from Windows XP onward. It also runs on several Windows Server operating systems. However, the utility is not a substitute for a full-fledged anti-malware system. The Malicious Software Removal Tool is a post-infection removal tool that should be used only to enhance existing protection and as part of a defense-in-depth strategy. It does not protect a computer from becoming infected; it can only remove running malware from an already infected computer. In addition, the MSRT targets only a small subset of all the malware out there.
Even so, an extra layer of protection can be a valuable asset to any organization. It is not uncommon for one anti-malware product to find what another product has missed. However, when MSRT runs as part of the automatic updating process, it scans only once a month. A quick scan checks only those areas most likely to contain malware, such as memory and the registry.
MSRT can also perform a full scan, which checks an entire Windows desktop, or a custom scan, which covers everything included in a quick scan, plus the contents of a specified folder. But to perform a full or custom scan or to scan a system more than once a month, you must run the tool manually.
The first step in running the Malicious Software Removal Tool manually is to ensure that you have the most recent version. The best way to do that is to download it from the MSRT landing page or the Microsoft Download Center. The name of the file you download is updated each month to reflect the current version. For example, the file "Windows-KB890830-x64-V5.2" is the file associated with the 64-bit version of the July 2013 release.
Once you download the file, you can run MSRT immediately against a desktop or redistribute the file for enterprise deployment, using a Systems Management Server (SMS) package, Group Policy startup or logon script. For details about enterprise deployments, see Microsoft knowledge base article 891716. For more information about the Malicious Software Removal Tool, see article 890830.
Microsoft Safety Scanner searches for more threats
The Microsoft Safety Scanner (MSS) is a lot like MSRT in that it's a free downloadable security tool that lets users check for and remove viruses, spyware and other malware. Also like MSRT, this tool works with existing software and should be considered only part of a larger anti-malware strategy. MSS searches for existing malware, but it does nothing to protect a computer from infection.
Despite its similarities to the Malicious Software Removal Tool, the Microsoft Safety Scanner is different in a number of ways. For example, MSRT targets only a small number of threats and is updated only once a month. In contrast, MSS uses the same set of signature/definition files as Microsoft Security Essentials or Windows Defender. These definitions address a much greater number of threats and are updated three times a day.
Because of how often the definitions are updated, MSS expires only 10 days after being downloaded, compared with 60 days for MSRT. In addition, MSRT is designed primarily to run in the background as part of a system's automatic updating functionally and requires administrative privileges to run manually. The MSS is strictly an on-demand tool that any user can run to check for potential infections.
Administrators should consider turning to MSS when they suspect that an anti-malware application is not working correctly or has been compromised. For instance, rogue security software might have disabled the existing anti-malware app and infected a computer with other malware. In such cases, the admin can download the most recent version of MSS and run it against the infected computer.
If the infection impairs the computer's ability to connect to the Internet, the administrator can download the MSS file to another device (such as a flash drive), copy the file to the infected computer and run MSS to search for hard-to-remove infections.
Even if your anti-malware software appears to be working fine, MSS provides a handy way to perform a second check, a useful strategy if there is even a hint of potential infection. Like MSRT, the Microsoft Safety Scanner supports three scan types: quick, full and custom. A full scan is, of course, the safest bet, but is the most resource intensive. A quick scan is less so, but it can miss malicious files.
For more information about the MSS and for details on how to download it, go to the Microsoft Safety Scanner landing page.
Expanding Windows security
The Malicious Software Removal Tool and Microsoft Safety Scanner can both be a useful part of a larger security strategy. MSRT is easily implemented along with Automatic Updates or can be run manually as often as necessary. MSS is strictly an on-demand tool that should be downloaded each time it's used. However, it searches for a much greater number of malware threats than MSRT.
Neither Microsoft security utility should be considered a day-to-day tool that replaces a comprehensive anti-malware system. But as a complement to such a solution, either one could prove invaluable.
This was first published in October 2013