Search Microsoft Security
Search Microsoft.com

Microsoft Windows Malicious Software Removal Tool Privacy Statement

Microsoft Windows Malicious Software Removal Tool Privacy Statement

At Microsoft, we're working hard to protect your privacy while delivering products that bring you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of the Microsoft Windows Malicious Software Removal Tool (“MSRT”). It focuses on features that communicate with the Internet and is not intended to be an exhaustive list. It does not apply to other online or offline Microsoft sites, products, or services.

MSRT checks computers for infections by specific, prevalent malicious software (“Malware”)—including Blaster, Sasser, and Mydoom—and helps remove any infection found.

Information Collected, Processed, or Transmitted

If MSRT detects Malware or if an error occurs when MSRT is running, a report is sent to Microsoft that contains basic information about the Malware or about the error. The reports sent to Microsoft include technical information about MSRT, Malware found, and your computer, such as:

  • The MSRT version number

  • An indicator of whether MSRT was downloaded via Microsoft Update, Windows Update, or a Microsoft website.

  • The file names, cryptographic hash, size, date stamp, and other characteristics of any Malware removed from the computer

  • The success or failure of Malware removal

  • The computer's manufacturer, model and processor architecture

  • The computer's operating system version, locale, and Internet Protocol (IP) address

  • A globally unique identifier (GUID) that enables us to count the unique computers using MSRT. The GUID is a randomly generated number; it does not contain any personal information and is not used to identify you.

The reports may unintentionally contain personal information. For instance, some Malware may create entries in your computer’s registry that include information such as your username. To the extent that any personal information is included in a report, Microsoft will not use the information to identify or contact you.

MSRT will ask you to send additional information to Microsoft if software suspected to be Malware is found on your computer. This additional information is sent only with your consent, and includes:

  • The files that are suspected to be Malware. MSRT will select the files for you.

  • A unique identifier associated with files suspected to be Malware. This identifier enables us to verify that the files were successfully transferred.

Back to top  ^

Use of Information

The information collected will be used for statistical analysis (e.g., to determine how many machines are infected with a particular piece of Malware), as well as to improve MSRT and other Microsoft products and services. Microsoft may publish aggregated data about the use of MSRT and the Malware it identifies. We occasionally hire other companies to provide limited services on our behalf, such as answering customer questions about products or services, or performing statistical analysis of our services. We will only provide those companies the information they need to deliver the service, and they are prohibited from using that information for any other purpose. Additionally, we may disclose information to third parties to help them improve anti-Malware capabilities in their products or services.

Information that is collected by or sent to Microsoft may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities, and by using this tool, you consent to any such transfer of information outside of your country. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union. Microsoft may disclose information collected if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights of Microsoft (including enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft products or services, or members of the public.

Back to top  ^

Choice and Control

If you do not want MSRT to send any information to Microsoft, you can disable the MSRT’s reporting component. To learn how to disable the reporting component, see the article in the Microsoft Knowledge Base:

891716 Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment. (http://support.microsoft.com/kb/891716/)

Back to top  ^

Security of Your Information

Microsoft is committed to protecting the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. To help protect your privacy, the information MSRT sends to Microsoft is encrypted using Secure Sockets Layer (SSL).

Back to top  ^

Changes to This Privacy Statement

We may occasionally update this privacy statement. When we do, we will also revise the "last updated" date at the top of the privacy statement. We encourage you to periodically review this privacy statement to stay informed about how we are helping to protect the information we collect.

Back to top  ^

For More Information

If you have questions about this privacy statement, please contact us by email at msrtpriv@microsoft.com.

MSRT Privacy
Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052

Back to top  ^