rbalsleyMSFT / FFU

Using Full Flash Update files to speed up Windows Deployment
MIT License

Include Latest Windows Malicious Software Removal Tool #79

Closed zehadialam closed 2 months ago

zehadialam commented 2 months ago

This PR introduces support for installing the latest Windows Malicious Software Removal Tool in the FFU.

Added Parameters

UpdateLatestMSRT

When set to $true, the latest Windows Malicious Software Removal Tool will be downloaded and installed. Default is $false.

Added Functions

Get-MSRTUrl

This function returns the download URL for the latest Windows Malicious Software Removal Tool.

Other Additions

Modified the Clear-InstallAppsandSysprep function to restore the InstallAppsandSysprep.cmd file to the default state and remove the MSRT folder.

rbalsleyMSFT commented 2 months ago

When I originally put in the update code, I thought a lot about MSRT. The intent behind the MSRT is to download and scan once a month for malicious software (it does a scan in the background shortly after download/installation from WU). It's obviously different from AV (Defender) in that it's looking for specific malicious software that AV may have missed. If we put the MSRT in the FFU, that version of the MSRT is somewhat irrelevant because it won't ever scan. You can run it manually, but in most cases that version will never run or scan the system. You'd have to wait until next month's MSRT is released for it to scan the system.

Now one could argue that there shouldn't be anything malicious between when you lay down the FFU and the machine first runs Windows Updates. They could also argue that when was the last time MSRT found anything? I can't say in 20 years I've seen MSRT find anything, but someone must have, otherwise why do we keep releasing it? :)

If I were to include it though, I'd do it differently from how you've done it. Since MSRT is available from the Microsoft Update Catalog, I'd reuse the code we already have instead of having to scrape another site.

I can take the PR and, since it'll be off by default, leave it up to whoever wants to include it to turn it on. It will save 70MB of bandwidth, so for those in poor-bandwidth areas, this could be helpful.

zehadialam commented 2 months ago

Ah, I see. The additional bandwidth savings were what prompted me to make the change. I updated the PR to reuse the MS Update Catalog code.