MSRT Scanner

Purpose

This solution performs MSRT scanning, auto-fixes detected infections as an optional feature, and stores the data for auditing purposes.

Associated Content

Content	Type	Function
Script - Malicious Software Removal Tool Scanner	Script	This script runs the Malicious Software Removal Tool Scanner and logs the result. It also provides an option to perform an auto-fix of the detected infections by the tool.
Internal Monitor - MSRT Scanner Execute	Monitor	This monitor detects the online Windows-supported agents (Windows 10, 11, 2016, 2019, and 2022 only) where the client EDF 'MSRT Scanner Enable' is checked and the exclusion location and computer EDFs 'MSRT Scanner Exclude' are not checked. It also excludes the agents where the MSRT scanner script Malicious Software Removal Tool Scanner ran in the past 7 days.
Dataview - MSRT Scanner Audit	Dataview	This dataview stores the status of the MSRT scanner result from the script Malicious Software Removal Tool Scanner.
△ Custom - Execute Script - MSRT Scanner	Alert template	This alert template helps to schedule the script Script - Malicious Software Removal Tool Scanner to the detected agents of the monitor Internal Monitor - MSRT Scanner Execute.

Implementation

1. Import the following content using the ProSync Plugin:

   • Script - Malicious Software Removal Tool Scanner
   • Internal Monitor - MSRT Scanner Execute
   • Dataview - MSRT Scanner Audit
   • △ Custom - Execute Script - MSRT Scanner

2. Reload the system cache:

3. Configure the solution as outlined below:

   • Navigate to Automation → Monitors within the CWA Control Center and set up the following:
     • Internal Monitor - MSRT Scanner Execute
       • Set up with △ Custom - Execute Script - MSRT Scanner Alert Template.
       • Right-click and Run Now to start the monitor.
   • Please ensure to whitelist the following hashes for script execution.

     ED06AECD5686944B0A5E5D76C1E7A9EA
     C8759C7E4979819C0BB39DAF4DC64124