Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Microsoft Malicious Software Removal Tool

Answered Microsoft Malicious Software Removal Tool

  • Wednesday, November 14, 2012 2:45 PM
     
     
    Sign In to Vote
    0

    I have read several arguments for and against releasing this to the masses via WSUS when there is already an antivirus solution in place.  I manage the windows updates for about 3500 pc's  and over 100 servers and we use Symantec Endpoint Protection with virus and spyware protection already running. 

    Right now I don not run MSRT because of attempting to preserve bandwidth and resources on the client side of things. We have numerous smaller remote doctors offices that already complain about network slowness because of the cable connections they rely on, and I don't want to increase that frustration. 

    I guess my question is; what are the best practices with this type of situation?  I am trying to sort though the pros and cons to make an appropriate descion on this and welcome any suggestions or references on this matter.  

    Thanks in advance!

     

All Replies

  • Thursday, November 15, 2012 6:33 AM
    Moderator
     
     Answered
    Sign In to Vote
    0
    Hi,

    Even if there is already an antivirus solution in place,I still suggest you install this KB monthly.I don't think around 20MB size update will saturate your network bandwidth too much. The Malicious Software Removal Tool is a great addition to the Microsoft Protect Your PC and Defense-in-Depth strategies. For further details about the tool, read KB 890830.
    Similiar discussion:http://social.technet.microsoft.com/Forums/hr/winserverwsus/thread/17404b0a-9f71-4aff-afdc-7cc0baee2b76

    Regards,

    Clarence

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

     
  • Friday, November 16, 2012 1:38 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    I have read several arguments for and against releasing this to the masses via WSUS when there is already an antivirus solution in place.

    The principle here is called Defense In Depth.

    I would argue, in any circumstance, that having only one methodology for protection is insufficient.

    Do you absolutely, totally, unequivocally, unilaterally trust your chosen AV software vendor to find every single piece of malware ever invented?  (I don't.) In fact, the much more likely scenaro is that the virus will compromise your AV software and render it non-functional. How would you know if that were the case without a second checkpoint?

    On the contrary viewpoint.. I actually have an automated task that runs the MSRT against every one of my servers at 8pm on Patch Tuesday. Truly, I haven't even thought about this update in over a year. Frankly, I know of no valid reason not to run it!

    As for the question about bandwidth consumption... first, understanding the significance of the Background Intelligent Transfer Service (BITS) will help eliminate any arguments that patching computers is interfering with network speeds. The file itself is all of 3.6MB. It's size is microscopic compared to the regular collection of security updates that are being downloaded each month.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin


     
  • Friday, November 16, 2012 1:38 PM
     
     
    Sign In to Vote
    0

    MSRT reporting is in a log-file on the local computer, %windir%\debug\mrt.log. Not particularly useful in an enterprise environment.

    Regards
    Rolf Lidvall
    Swedish Radio (Ltd)

     
  • Wednesday, November 21, 2012 2:34 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi,

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

    Regards,

    Clarence

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.