Fix: MRT.exe Blocked by System Administrator

When you attempt to run the MRT.exe or the Microsoft Malicious Software Removal Tool (MSRT) on your Windows computer, the following error may appear:

This app has been blocked by your system administrator.

Contact your system administrator for more info.

mrt blocked by administrator

MSRT is a tool to remove infections from the computer. This tool scans for a specific, prevalent malicious software, which amounts to a small subset of all the malicious software that exists today. If MRT or MSRT is blocked, then it could be the handiwork of some malware (or in the aftermath of malware removal) on the computer.

If some policy settings are blocking MRT.exe from running, this article will tell you how to remove those policies and enable MRT.

Fix: MRT.exe Blocked by System Administrator

The “app has been blocked” error implies that MRT is most likely blocked by a custom software restriction policy or AppLocker setting.

(First, make sure to run a thorough virus scan using the latest definitions. If you’re sure that the system is clean from malware, then proceed further.)

To remove the relevant policies that are blocking MRT.exe, follow these steps:

Windows 10/11 Professional Edition and higher

  1. Launch the Local Security Policy (secpol.msc) applet.
  2. Expand Security Settings → Software Restriction Policies → Additional Rules.
  3. In the right pane, check if there are any Path or Hash rules that are set to block MRT.exe
  4. Right-click on that rule (if exists), and choose Delete. Click Yes to confirm the deletion.
    mrt blocked by administrator
  5. Exit the Local Security Policy console.

Windows 10/11 Home Edition

On Windows 10/11 Home Edition, you won’t find the Local Security Policy console. Follow these steps to remove the corresponding registry-based policy key:

  1. Launch the Registry Editor (regedit.exe)
  2. Navigate to the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers
  3. Backup the “codeidentifiers” registry branch by exporting it to a registry file.
  4. Expand each branch, especially “0” and “131072” and expand their subkeys.
  5. Check if there are any values whose data references “MRT” or “MRT.exe”. It could either be a path rule or hash rule.
    mrt blocked by administrator
  6. Let’s say you found the MRT related policy settings under this branch:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{3eb8ab55-72b7-4bd1-89ce-445c66392411}

    All you need to do is right-click {3eb8ab55-72b7-4bd1-89ce-445c66392411} and choose Delete

  7. Exit the Registry Editor.
  8. Restart Windows.
  9. See if you’re able to run C:\Windows\System32\MRT.exe now.

Delete the DisallowRun registry keys

If it’s not a Software Restriction Policy, it could be a DisallowRun registry key that’s blocking MRT.exe. In that case, you’ll get a different error message than the earlier one:

Restrictions

This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

mrt blocked by administrator

which is followed by the error below:



mrt blocked by administrator

Malicious Software Removal Tool

You must be logged on as a member of the Administrators group to run the tool.

To fix the issue, launch the Registry Editor (regedit.exe), and delete these two keys if they exist:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

Also, delete the DWORD value named “DisallowRun” in the right pane of the following keys:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

Exit the Registry Editor.

You should be able to run MRT/MSRT now. After scanning, MRT writes to the C:\Windows\Debug\MRT.log file that contains the details of each scan. Here’s some entries from my MRT.log file:

Microsoft Windows Malicious Software Removal Tool v5.96, (build 5.96.18833.1)
Started On Sun Jan 2 15:20:18 2022

Engine: 1.1.18700.4
Signatures: 1.353.1477.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 2 15:44:33 2022

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan  2 16:05:00 2022

Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v5.96, (build 5.96.18833.1)
Started On Wed Dec 15 14:20:29 2021

Engine: 1.1.18700.4
Signatures: 1.353.1477.0
MpGear: 1.1.16330.1
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 15 14:24:43 2021


Return code: 0 (0x0)

Note that Windows downloads the most recent version of MRT every month (via the Windows Update channel) and scans your computer in the background.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

Leave a Reply