I have a network using Small Business Seerver 2011, and the client computers are predominately Windows 7. I finally discovered why my network and the machines slow down to a craw every once in a while. It appears that MRT scans files residing on other machines (offline files). It looks like MRT scans any file that is already offline (i.e., in the CSC directory) on the machine being scanned AND on the networked location. Using the Redirected folders, the users' profile is on the server AND there's an offline copy on each machine the user uses. This creates a sh__load of network traffic to do the redundant scans. IMHO MRT should scan only the copy of a file sitting on the machine being scanned at the time.- Michael Faklis

... and the question is ? 1. Perhaps the Process Monitor would give you the answer about the functionality of MRT. 2. I have look for MRT internals, but nothing specific found. 3. The security is not restricted to MRT, there are other solutions... Regards Milos

Hi, Do you mean if you disable this malicious software removal tool, this issue would be gone ? Alex Zhao TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Alex Zhao TechNet Community Support

When MRT is installed, it does a default Quick scan for low-hanging fruit. The full scan scans offline files on the PC being scanned as well as the server where the master files are kept. This is where the problem lies. The customized scan allows you to add folders to the quick scan. There is no option to tell MRT to ignore networked drives and/or redirected folders. I say, IMHO let MRT scan the computer it's running on (period). Mirrored copies (in CSC) can be scanned on the local machine in the CSC folder, but the master files that are referred to by offline files (mirrored) and redirected files (on another machine, and probably mirrored) should be scanned on the machine they reside on. There's no need to drag down the network (and network clients) with redundant scans of remote files.- Michael Faklis

Hi, Does this issue still trouble you? Regards, Alex Zhao TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Alex Zhao TechNet Community Support

Alex: Doesn't it bother you, or are you obligated to minimize open cases? As is, MRT is a problem for anyone residing in a networked environment. It may be that most Windows users are running a single machine without a networked infrastructure. In my circle of friends and colleagues the official data stores are all on the network servers and their primary workstaions is using encrypted offline files, or accessing the network directly. Yes, IMHO this is a problem.- Michael Faklis

Hi, As we know, Malicious Software Removal Tool is used to help users to remove malicious software from computers. So, based on my understanding, a basic scan should be performed to check the areas of the system most likely to contain malicious software. The customized scan is just to add the contents of a user-specified folder. This is just designed for security. Meanwhile, Microsoft Malicious Software Removal Tool does not replace an antivirus product, it is just used to remove malicious software from an already-infected computer, but Antivirus products block malicious software from running on a computer. So we strongly to recommend to install a antivirus product. Alex Zhao TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Alex Zhao TechNet Community Support

Interesting. Rather than fix the problem, you seem to twist the justification in order to declare it a feature and not a problem. That's an old trick of "IBM" back when they were the industry leader. "We" believe that MRT is just one tool in the arsenal to identify and fix malware. No one should depend upon MRT, just as no one should depend on any single tool. "We" believe that adequate security should be based on multiple layers of tools including but not limited to firewalls, anti-malware (of different types including anti-virus), and limited user authorization. Additionally, adequate protection doesn't rely on a single vendor's solution. It's reasonable to assume that security tool "A" is checking a different subset of known threats than product "B", and even were there is overlap the two products are checking the same threat in a different manner. So while MRT is just another tool in your arsenal of anti-malware tools, it should not clog up the network, client machines, or servers with redundant checks across the network. IMHO, this is a bug that MS should be notified of so they can fix it. So I agree with part of your last post, but MRT's full full system scan needs to be fixed. - Michael Faklis