MRT blocked by System Administrator in Windows 11/10 | #itsecurity | #infosec | #education | #technology | #infosec


Malicious Software Removal Tool (MRT.exe) from Microsoft comes built-in with Windows operating system. This is a free tool that doesn’t give real-time protection but automatically scans for and removes the prevalent malicious software from your PC. The tool offers three different types of scans- Quick scan, Full scan, and Customized scan.

While this is a simple tool and works fine, sometimes gives the error while launching-

This app has been blocked by your System Administrator. Contact your System Administrator for more info.

In this post, we will learn a little more about this message and also check the Fixes.

What is MRT in computer?

MRT is the Malicious Software Removal Tool from Microsoft that comes built-in with Windows operating system. The tool removes malicious software from an already-infected computer. Antivirus products block malicious software from running on a computer. Microsoft releases an updated version of this tool on the second Tuesday of each month, as needed to respond to security incidents.  The version of the tool delivered by Windows Update runs in the background and then reports if an infection is found.

Why is MRT showing blocked by System Administrator?

This is a free built-in tool but sometimes may display this message due to the following reasons-

  • Software Restriction Policy– The first reason most likely can be due to the Software Restriction Policy in your system. If the software is listed in the Software Restcirtion Policy, it may trigger this message every time you try to launch it.
  • Registry Entries– Sometimes the registry entries also prevent a tool from launching.
  • Administrator rights- Some tools sometimes need Administrator rights to work properly.

MRT blocked by System Administrator

Let’s see how we can fix this error on your Windows computer:

  1. Remove it from Software Restriction Policy
  2. Delete certain registry entries
  3. Change file permissions.

1] Remove it from Software Restricted Policy

If the software is listed in the Software Restricted Policy, the System Administrator may block it and it won’t work properly and thus you have to remove it from the list manually. You can do that using the Registry Editor. Before you process and delete any files from Registry, we recommend you to take a backup of the Registry.

Press Win+R on your keyboard to open the Run dialog box. Type Regedit in the box to open the Registry Editor. Once open, type the following key in the address bar of the Windows explorer.

HKEY_LOCAL_MACHINEPoliciesMicrosoftWindowsSafer

Check if there is any key named MRT or Malicious Removal Tool here in the list. If you find it, right-click and Delete it. It may ask for your confirmation before deleting, hit Confirm.

Now to check the Software Policies, navigate to the following key in the Registry Editor

HKEY_CURRENT_USERSOFTWAREPoliciesMicrosoftWindow

Check again if you can see any key named MRT or Malicious Software Removal Tool. If yes, right-click and Delete.

Exit and Restart your computer system. Try launching MRT and hopefully it should work.

2] Delete certain Registry Entries

If the above-mentioned fix didn’t work for you, you can try this one. This means, if the MRT is not registered in the Software Restriction Policies and still not working, try deleting certain Registry Entries to get rid of this error with MRT. Again, before you delete any Registry Entries, you should get the backup.

We will be doing this using the Command Prompt. Type in Command Prompt in the Windows Search Bar, right-click on the first result that appears, and Run it as Administrator.

We are using Command Prompt here so that you do not need to locate the entries manually.

Copy and paste the following commands in the Command Prompt and hit Enter:

reg delete "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun" /f
reg delete "HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun" /f
reg delete "HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun" /f
reg delete "HKUS-1-5-19SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun" /f
reg delete "HKUS-1-5-20SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun" /f

Try launching MRT and see if this works.

3] Change file permissions

If none of the above solutions are working for you, try changing the permission and see if it works. Adding the ownership to the file sometimes just works. It actually grants you full access to the file and its security properties.

To change the permissions, locate the MRT.exe file on your PC. You will most probably find it here- “C:WindowsSystem32MRT.exe”

To take ownership of the executable file, right-click on the .exe file and click on Properties.

Go to the Security tab and click on Advanced.

Click on the Change option next to the Owner tab and select the user by clicking on the Advanced tab. Click OK and you are done.

Now you have complete access to the folder. Try launching MRT again and it should work properly now.

These are some possible fixes to the error message his app has been blocked by your System Administrator.

Do let us know if these solutions worked for you.

How to stop Malicious Software Removal Tool from downloading or installing?

If you want to stop MRT.exe from installing, then open Registry Editor and navigate to the following Registry key:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftMRT

Create a new 32-bit DWORD value, name it DontOfferThroughWUAU and set its value data to 1.

If it does not exist, you will have to create it.

MRT Blocked by System Administrator



Source link