-

Microsoft Safety Scanner Privacy Statement

Updated: January 5, 2011

At Microsoft, we're working hard to protect your privacy while delivering products that bring you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of the Microsoft Safety Scanner ("MSS"). It focuses on features that communicate with the Internet and is not intended to be an exhaustive list. It does not apply to other online or offline Microsoft sites, products, or services.

MSS checks computers for infections by malicious software ("Malware") and helps remove any infection found.

Information Collected, Processed, or Transmitted

If MSS detects Malware or if an error occurs when MSS is running, a report is sent to Microsoft that contains basic information about the Malware or about the error. The reports sent to Microsoft include technical information about MSS, Malware found, and your computer, such as:

  • The MSS version number
  • The file names, cryptographic hash, size, date stamp, and other characteristics of any Malware removed from the computer
  • The success or failure of Malware removal
  • The computer's manufacturer, model and processor architecture
  • The computer's operating system version, locale, and Internet Protocol (IP) address
  • A globally unique identifier (GUID) that enables us to count the unique computers using MSS. The GUID is a randomly generated number; it does not contain any personal information and is not used to identify you.

    The reports may unintentionally contain personal information. For instance, some Malware may create entries in your computer's registry that include information such as your username. To the extent that any personal information is included in a report, Microsoft will not use the information to identify or contact you.

    MSS will ask you to send additional information to Microsoft if software suspected to be Malware is found on your computer. This additional information is sent only with your consent, and includes:
  • The files that are suspected to be Malware. MSS will select the files for you.
  • A unique identifier associated with files suspected to be Malware. This identifier enables us to verify that the files were successfully transferred.

Use of Information

The information collected will be used for statistical analysis (e.g., to determine how many machines are infected with a particular piece of Malware), as well as to improve MSS and other Microsoft products and services. Microsoft may publish aggregated data about the use of MSS and the Malware it identifies. We occasionally hire other companies to provide limited services on our behalf, such as answering customer questions about products or services, or performing statistical analysis of our services. We will only provide those companies the information they need to deliver the service, and they are prohibited from using that information for any other purpose. Additionally, we may disclose information to third parties to help them improve anti-Malware capabilities in their products or services.

Information that is collected by or sent to Microsoft may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities, and by using this tool, you consent to any such transfer of information outside of your country. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union. Microsoft may disclose information collected if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights of Microsoft (including enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft products or services, or members of the public.

Choice and Control

If you do not want MSS to send any information to Microsoft, you can disable the MSS's reporting component with the following registry key setting.

Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MSERT
Entry name: \DontReportInfectionInformation
Type: REG_DWORD
Value data: 1

Security of Your Information

Microsoft is committed to protecting the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. To help protect your privacy, the information MSS sends to Microsoft is encrypted using Secure Sockets Layer (SSL).

Changes to This Privacy Statement

We may occasionally update this privacy statement. When we do, we will also revise the "last updated" date at the top of the privacy statement. We encourage you to periodically review this privacy statement to stay informed about how we are helping to protect the information we collect.

For More Information

If you have questions about this privacy statement, please contact us by e-mail at msertpriv@microsoft.com.

MSS Privacy
Microsoft Corporation
One Microsoft Way, Redmond, Washington 98052