#1
Microsoft Malware Protection Command Line Utility
Running Windows 7 Pro 32 bit. About once every week the Microsoft Malware Protection Command Line Utility uploads about 100+ megabytes to my computer. I am using Microsoft Security Essentials as my antivirus. This is the only antivirus installed or ever has been installed on the computer. I have checked the task scheduler and found nothing out of the ordinary. Anybody have any idea what is being uploaded? I manually update the security essentials virus definitions every morning when I turn on the computer so I know they are always up to date.

--
Bill
Brought to you from Anchorage, Alaska
#2
Bill Bradshaw wrote:

> Running Windows 7 Pro 32 bit. About once every week the Microsoft Malware Protection Command Line Utility uploads about 100+ megabytes to my computer.

That would be for the signatures database to use when comparing hashes of the files found on your computer.

Microsoft Windows Malicious Software Removal Tool (MRT)
https://support.microsoft.com/en-us/kb/890830
and
https://en.wikipedia.org/wiki/Malici...e_Removal_Tool

mrt.exe remains local. On my Win7 setup, it is 140KB in size with an Oct 18 datestamp (probably from when I last enabled BITS and WU service to do a WU review and update). There is no separate database file. The sig database is built into the .exe file probably as a huge data block although hopefully it is encrypted or, at least, hashed to verify that its contents have not been corrupted or deliberately tampered.

Vipre Rescue comes to mind as another static AV you download and use. You have to re-download it later to include any new virus sigs in its database available at that time. I've never used Vipre to know if it rolls its sig database into its .exe to provide a single and hopefully protected payload or if it comes as a separate .exe file along with a separate sig database file.

mrt.exe - Causing concern one a month
http://www.liutilities.com/articles/...ce-in-a-month/

The size is not cumulative. What you download next month replaces what you downloaded today.

> I am using Microsoft Security Essentials as my antivirus.

That program as well as other anti-virus programs will perform periodic downloads of their current signature database. Those downloads are in the background although some AV programs can impact the responsiveness of the computer during that download and local update of the database.

The standalone normally-once-ran antimalware "update" doesn't have the luxury of having its own database updater. It doesn't maintain a local database of file signatures. You download the standalone non-updating AV program and with whatever is the current sig database at the time of the "update". Think of it as a snapshot: just showing the part of the pic for your head doesn't show where you were, who you were with, what you wore, or the other details available in the full pic. But that pic is a snapshot at a particular time, just like the monthly standalone AV "update".

> This is the only antivirus installed or ever has been installed on the computer. I have checked the task scheduler and found nothing out of the ordinary. Anybody have any idea what is being uploaded? I manually update the security essentials virus definitions every morning when I turn on the computer so I know they are always up to date.

MRT does not replace a good anti-virus program. It's just Microsoft making sure that some malware may get caught for those users that do not employ any security software to protect their hosts, or they use really crappy AVs (even worse than Microsoft's Defender or Security Essentials).

I'm a bit surprised you were unaware of MRT, it getting pushed monthly, or what it is or does. You've been around in Usenet under that nym since 2009.
#4
Bill Bradshaw wrote:

> I did not realize the program would download the MRT signatures on its own.

> I am using Microsoft Security Essentials as my antivirus.

I doubt MRT can find anything more, and probably much less, than MSE. After all, Microsoft is still compiling the sig database for each. It takes so little to run MRT and a short run that I don't bother hiding that update but just let it download, run, and, of course, never find anything since my choice of AV software has better detection coverage. MRT is just part of Microsoft building their image reputation regarding security (whether it is effective or not).

I don't think MRT downloads any signatures but rather the sig database is built into mrt.exe as probably a data block in the code. When it runs, it probably unrolls the data block into a table or database into memory hence why it cannot be too big since it runs on some rather low-end computers. 100MB isn't very large so it only scans for the more recent and most significant pests.

https://support.microsoft.com/en-us/...ons-of-windows
(short URL: http://tinyurl.com/jz7ep8c)

That says only some of the worst and current pests are detected, not all of them as would a real AV product.

https://support.microsoft.com/en-us/kb/891717

0x80508002  The signature database is corrupted.
0x8050A005  The signatures are not signed.
0x8050A004  The signatures are not valid or are corrupted.
0x80508002  The signature database is corrupted.
0x80508004  The signature database is corrupted.

Download the Microsoft Windows Malicious Software Removal Tool again

Sure looks like they want you to [re]download mrt.exe to get the signature database.

Since the product is not an actual on-access (real-time) AV scanner, it only detects based on signatures, not on heuristics. It may incorporate some fingerprint checks (traces of changes made by malware) but I doubt it. Looks to be just a sig checker.
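
An added example, not part of any post in this thread: a PowerShell check of the points discussed above, namely the size and date of the local mrt.exe, whether its Authenticode signature validates, and the outcome of its recent runs. The default paths and the log-line wording matched by the filter are assumptions, and `Get-MrtStatus` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Assumptions: mrt.exe is at
# %windir%\System32\MRT.exe, its log is at %windir%\debug\mrt.log, and
# log lines of interest contain "Started On" or "Return code".
function Get-MrtStatus {
    param(
        [string]$ExePath = (Join-Path $env:windir 'System32\MRT.exe'),
        [string]$LogPath = (Join-Path $env:windir 'debug\mrt.log'),
        [int]$LastRuns = 3
    )

    if (-not (Test-Path $ExePath)) {
        Write-Warning "Not found: $ExePath"
        return
    }

    $file = Get-Item $ExePath

    # The Authenticode hash covers the image's code and data, so a
    # signature block embedded in the .exe cannot be modified without
    # the status changing from Valid to HashMismatch.
    $sig = Get-AuthenticodeSignature -FilePath $ExePath
    $signer = '(none)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Keep only the start line and the return-code line of recent runs.
    $runs = @()
    if (Test-Path $LogPath) {
        $runs = @(Get-Content $LogPath |
            Where-Object { $_ -match 'Started On|Return code' } |
            Select-Object -Last ($LastRuns * 2))
    }

    New-Object PSObject -Property @{
        Path        = $file.FullName
        SizeKB      = [math]::Round($file.Length / 1KB)
        LastWritten = $file.LastWriteTime
        FileVersion = $file.VersionInfo.FileVersion
        SigStatus   = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer      = $signer
        RecentRuns  = ($runs -join [Environment]::NewLine)
    } | Select-Object Path, SizeKB, LastWritten, FileVersion, SigStatus, Signer, RecentRuns
}

Get-MrtStatus | Format-List
```

A `SigStatus` other than `Valid`, or a signer that is not Microsoft, is the local counterpart of the "signatures are not signed" and "corrupted" errors in the table above.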