Windows Malicious Software Removal Tool

(imported topic written by gcibirch91)

Hi

I understand that this is applied through the Security Policy Manager Fixlet site. However, my question is, what happens if you don’t have this site? We run reports using baseline and this always picks up the tool as missing. I then have to go to the servers and download this via Windows Update.

Am I doing something wrong or am I right in what I say?

Thanks

(imported comment written by Lee Wei)

Hello Gcibirch,

You are correct that the MSRT is currently hiding in the Security Policy Manager site.

We are considering pulling this into the standard Patches for Windows site.

However, for right now, you need to subscribe to SPM to have it assessed or take action.

Lee Wei

(imported comment written by gcibirch91)

Thanks Lee Wei,

Do you know when this decision will be made as I believe this is quite important. As I said the MBSA reports this as a critical patch and we then have to go back to all our servers to manually patch them…if you have one or two this is not too bad but we have going on 30 odd servers all around the world.

This to me could decide whether we go with the system or not… it’s a pointless process if we still have to go and manually patch the servers.

(imported comment written by Lee Wei)

Is the issue you don’t have access or subscription to the Security Policy Manager site?

(imported comment written by gcibirch91)

Yeah we don’t subscribe to it. Presume this would be an extra cost?

(imported comment written by Lee Wei)

OK, sent you a PM.

(imported comment written by gcibirch91)

Cheers Lee Wei,

I have installed the Site but can’t see any extra tabs for Policy?

Lee

(imported comment written by BenKus)

Hey gcibirch,

I would suggest that you also consider NOT using MBSA for your baselines… It seems that you care more about compliance to the arbitrary MBSA baseline rather than caring about the Windows Malicious Software Removal tool… It seems that you can run your baseline reports through BigFix and you can customize your reports to show you only patches that you care about.

Ben

(imported comment written by gcibirch91)

Hi Ben,

I understand totally where you are coming from, but you also have to understand that we have to prove to auditors that we are compliant when patching our servers each month, based on the critical patches Microsoft pass down each month. We can customise reports as you say, but these will be based on our own view of compliance and we would have to justify why we are saying that the tool in our view is not critical. Microsoft put the Malicious Tool in the must have patched section and that must mean that they are saying that this is a minimum baseline. An auditor could base their baseline on the Microsoft version. At least then we can turn round and say this is what Microsoft are telling us is needed. I am just trying to cover all bases.

Lee

(imported comment written by BenKus)

Hey Lee,

A lot of companies that I have spoken with use the scheme of “all Microsoft critical security bulletins”, which hopefully is easy to justify to your auditors… In my humble opinion, the critical security bulletin approach is more objective and reasonable than listening to whatever MBSA tells you because it makes its own decisions about things like whether or not the malicious software removal tool matters (which you arguably won’t need if you are running a different AV tool)…

Just my thoughts…

Ben

(imported comment written by gcibirch91)

Hi Ben,

Thanks again for the advice. We are going to look at the BES reports and compare them to see what info we can use and customise.

Thanks