When you attempt to run the MRT.exe
or the Microsoft Malicious Software Removal Tool (MSRT) on your Windows computer, the following error may appear:
This app has been blocked by your system administrator. Contact your system administrator for more info.
MSRT is a tool to remove infections from the computer. This tool scans for a specific, prevalent malicious software, which amounts to a small subset of all the malicious software that exists today. If MRT or MSRT is blocked, then it could be the handiwork of some malware (or in the aftermath of malware removal) on the computer.
If some policy settings are blocking MRT.exe from running, this article will tell you how to remove those policies and enable MRT.
Fix: MRT.exe Blocked by System Administrator
The “app has been blocked” error implies that MRT is most likely blocked by a custom software restriction policy or AppLocker setting.
(First, make sure to run a thorough virus scan using the latest definitions. If you’re sure that the system is clean from malware, then proceed further.)
To remove the relevant policies that are blocking MRT.exe, follow these steps:
Windows 10/11 Professional Edition and higher
- Launch the Local Security Policy (
secpol.msc
) applet. - Expand Security Settings → Software Restriction Policies → Additional Rules.
- In the right pane, check if there are any Path or Hash rules that are set to block MRT.exe
- Right-click on that rule (if exists), and choose Delete. Click Yes to confirm the deletion.
- Exit the Local Security Policy console.
Windows 10/11 Home Edition
On Windows 10/11 Home Edition, you won’t find the Local Security Policy console. Follow these steps to remove the corresponding registry-based policy key:
- Launch the Registry Editor (regedit.exe)
- Navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers
- Backup the “
codeidentifiers
” registry branch by exporting it to a registry file. - Expand each branch, especially “
0
” and “131072
” and expand their subkeys. - Check if there are any values whose data references “MRT” or “MRT.exe”. It could either be a path rule or hash rule.
- Let’s say you found the MRT related policy settings under this branch:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{3eb8ab55-72b7-4bd1-89ce-445c66392411}
All you need to do is right-click
{3eb8ab55-72b7-4bd1-89ce-445c66392411}
and choose Delete - Exit the Registry Editor.
- Restart Windows.
- See if you’re able to run
C:\Windows\System32\MRT.exe
now.
Delete the DisallowRun registry keys
If it’s not a Software Restriction Policy, it could be a DisallowRun
registry key that’s blocking MRT.exe. In that case, you’ll get a different error message than the earlier one:
Restrictions This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
which is followed by the error below:
Malicious Software Removal Tool You must be logged on as a member of the Administrators group to run the tool.
To fix the issue, launch the Registry Editor (regedit.exe
), and delete these two keys if they exist:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
Also, delete the DWORD value named “DisallowRun
” in the right pane of the following keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
Exit the Registry Editor.
You should be able to run MRT/MSRT now. After scanning, MRT writes to the C:\Windows\Debug\MRT.log
file that contains the details of each scan. Here’s some entries from my MRT.log
file:
Microsoft Windows Malicious Software Removal Tool v5.96, (build 5.96.18833.1) Started On Sun Jan 2 15:20:18 2022 Engine: 1.1.18700.4 Signatures: 1.353.1477.0 MpGear: 1.1.16330.1 Run Mode: Interactive Graphical Mode Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 2 15:44:33 2022 Results Summary: ---------------- No infection found. Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Sun Jan 2 16:05:00 2022 Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool v5.96, (build 5.96.18833.1) Started On Wed Dec 15 14:20:29 2021 Engine: 1.1.18700.4 Signatures: 1.353.1477.0 MpGear: 1.1.16330.1 Run Mode: Scan Run From Windows Update Results Summary: ---------------- No infection found. Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 15 14:24:43 2021 Return code: 0 (0x0)
Note that Windows downloads the most recent version of MRT every month (via the Windows Update channel) and scans your computer in the background.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!