SOLVED

"Windows Malicious Software Removal Tool" Reboot required

Copper Contributor

I just installed Windows Admin Center and after connecting to one of our servers, in "Updates" category I noticed "Windows Malicious Software Removal Tool". I remembered I forgot to install it and I almost clicked on Install but then I noticed something really weird. It says "Yes" in "Reboot required" column and it offers me "Restart options". My only question is "What the hell?"

8 Replies

@Reza_Ameri 

Probably not, but yesterday I clicked on Install to see what would happen and server didn't restart after install. But after connecting to it using RDS I still see this update in Windows Update. "UsoClient.exe StartScan" don't change anything. When I clicked on download it quickly disappeared from the list and I'm "up to date".

@Peter86PL 

What version of Windows Server are you using?

Do you have any Anti-Malware installed?

2019
Just Windows Defender
Have you tried running a full system scan with the Windows Defender?
If yes, what was the result?
Why do you insist that malware is probably somewhere on this server? MRT didn't detect any.


Microsoft Windows Malicious Software Removal Tool v5.89, (build 5.89.18135.1)
Started On Wed May 26 00:59:04 2021

Engine: 1.1.18000.5
Signatures: 1.335.1214.0
MpGear: 1.1.16330.1
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 26 00:59:44 2021


Return code: 0 (0x0)

The Microsoft Windows Malicious Software Removal Tool doesn't detect all malwares and it only has list of well-known and dangerous malware and not the entire list of all malwares. Meaning, your system might have been infected with other malwares which are not in the list of this tools.

To scan for complete list of malwares, you have either use updated version of the Windows Defender or Safety Scanner which contains list of all malwares.

It is also assumption and something else might cause this issue but it worth a try to find out.

best response confirmed by Peter86PL (Copper Contributor)
Solution
My "problem" was not whether my servers have malware or not, let's ignore it for now. I was only talking about "Windows Admin Center" stating that "Windows Malicious Software Removal Tool" requires reboot. And now I can answer this myself, because I just noticed that in WSUS on "Windows Malicious Software Removal Tool" there is "Restart behavior: Can request restart". And cumulative updates also have "Can request restart", So there you have it, developers of "Windows Admin Center" used "Reboot required" for something that means "Can request restart".
1 best response

Accepted Solutions
best response confirmed by Peter86PL (Copper Contributor)
Solution
My "problem" was not whether my servers have malware or not, let's ignore it for now. I was only talking about "Windows Admin Center" stating that "Windows Malicious Software Removal Tool" requires reboot. And now I can answer this myself, because I just noticed that in WSUS on "Windows Malicious Software Removal Tool" there is "Restart behavior: Can request restart". And cumulative updates also have "Can request restart", So there you have it, developers of "Windows Admin Center" used "Reboot required" for something that means "Can request restart".

View solution in original post