Using Microsoft Safety Scanner MSERT.exe

With each Patch Tuesday, MS releases a new version of the Malicious Software Removal Tool (MSRT). Just yesterday, I learned about a similar but different tool named Microsoft Safety Scanner (MSERT.exe). At first, I did a double-take to make sure it wasn’t a typo. It’s not, as the Safety Scanner Docs page attests. (Here are live links to the 32-bit and 64-bit downloads mentioned in the lead-in graphic.) Here, I’ll explore what’s involved in using Microsoft Safety Scanner, aka MSERT.exe.

Explanation Precedes Using Microsoft Safety Scanner

MS explains the tool thusly: “a scan tool designed to find and remove malware from Windows computers.” It goes on to say: “Simply download it and run a scan to find malware and try to reverse changes made by identified threats.” Like the MSRT, the MS Safety Scanner gets updates and new signatures all the time, so MS recommends that you always download a fresh copy any time you’d like to use it. They also observe that it’s only worth using for 10 days, after which one MUST download a new version.

Here’s how MS describes the MSRT on its download page:

Windows Malicious Software Removal Tool (MSRT) helps keep Windows computers free from prevalent malware. MSRT finds and removes threats and reverses the changes made by these threats. MSRT is generally released monthly as part of Windows Update or as a standalone tool available here for download.

I’ll be darned if I can tell much difference between them. Nor do I see much distinction in third-party coverage. That said, Explorer sees big differences in size between the two, to wit:

Notice that MSERT.exe shows up as itself, while MSRT shows up as KB890830, version 5.87. Because MSRT is released monthly through WU, it apparently keeps the same KB number, but gets a new version number with each release. MSERT is not so readily obliging but does show that information on its Properties/Details page. That’s where I learned that MSERT stands for “Microsoft Support Emergency Response Tool.”

Full name plus file version info readily available here.

Let’s just say this is another tool from MS you can run at your own discretion to check a Windows PC for malware, and attempt cleanup. All this makes me curious to understand why we have access to not one, but two, such tools. Even the best of third-party explanations/explorations tend to be a bit shaky, like this Tom’s Hardware Forums item. Even my home forums community at TenForums is pretty much mum on differences, to my consternation and regret.
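
The file details and the 10-day limit described above can be checked from PowerShell before a downloaded copy is run. This is an added example, not code from the original post or from Microsoft; it assumes the file was saved to the Downloads folder, uses the local file's creation time as a stand-in for the download date, and assumes the scanner writes its log to the default location under the Windows debug folder.

```powershell
# Added example (not from the original post): checks to make before running
# a downloaded copy of Microsoft Safety Scanner.
# Assumption: the file sits in the current user's Downloads folder.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads\MSERT.exe'),
    [int]$MaxAgeDays = 10   # usable lifetime of a download, per the post
)

function Test-SafetyScannerDownload {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MaxAgeDays = 10
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
    $ver  = $file.VersionInfo

    # Status 'Valid' means the hash matches and the chain is trusted on this PC;
    # the subject match is a second, weaker check that the signer is Microsoft.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($signer -match 'O=Microsoft Corporation')

    # Creation time of the local copy stands in for the download date.
    $ageDays = [math]::Round(((Get-Date) - $file.CreationTime).TotalDays, 1)

    [pscustomobject]@{
        Path              = $file.FullName
        FileDescription   = $ver.FileDescription
        FileVersion       = $ver.FileVersion
        SignatureStatus   = $sig.Status
        Signer            = $signer
        SignedByMicrosoft = $signedByMicrosoft
        AgeDays           = $ageDays
        Fresh             = ($ageDays -le $MaxAgeDays)
        SHA256            = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

$check = Test-SafetyScannerDownload -Path $Path -MaxAgeDays $MaxAgeDays
$check | Format-List

if (-not $check.SignedByMicrosoft) {
    Write-Warning 'Signature is missing, invalid, or not from Microsoft. Do not run this file.'
} elseif (-not $check.Fresh) {
    Write-Warning "Copy is $($check.AgeDays) days old. Download a new one before scanning."
} else {
    Write-Output 'Signature and age look good; the scanner can be started.'
}

# After a scan, show the tail of the log the post mentions.
# Assumption: the default log location documented by Microsoft.
$log = Join-Path $env:SystemRoot 'debug\msert.log'
if (Test-Path -LiteralPath $log) {
    Get-Content -LiteralPath $log -Tail 20
}
```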

Using Microsoft Safety Scanner

The .exe file is portable and runs from anywhere (including the Downloads folder). The Docs don’t say one should run the program as administrator, but I did so anyway. It presents a EULA to which you must agree before it does its thing. Next you get a welcome/disclosure screen:

Click Next, and you get your choice of scan types (quick, full, or customized).

Then, it scans your “most likely compromised” files under quick scan.

On my production PC, the whole process took about 3:00 and produced the following results.

Nothing to see here folks, please move along. A clean bill of health, in other words.

Upon completion, the log file (named msert.log) shows nothing informative about cleanup or actions taken (probably because it found nothing to clean up). Here’s a Notepad++ view of its contents:

I’m still not sure if you and I really need this tool or not, but it’s nice to know it’s available on demand should you wish to make a malware scan and clean-up pass over your Windows PC. The whole thing still has me wondering…

 


Further Windows Explorer Restart Follies

First: an admission. I occasionally have problems with losing access to the Start Menu, and getting Taskbar icons to respond to mouse clicks. I’m pretty sure my troubles are self-inflicted, and come from some interaction with Stardock Software’s Start10. I’ve used some variant of this software since Windows 8 Release Preview emerged in May 2012. Recently, I’ve experienced further Windows Explorer restart follies, as I’ve attempted repair and recovery. That said, the never-fail fix for these symptoms remains “restart Windows Explorer in Task Manager.” In attempting that fix recently, I came across a new and amusing wrinkle this week. Let me explain…

What Do Further Windows Explorer Restart Follies Entail?

As I mentioned, the fix involves restarting Windows Explorer. When I went to attempt that fix earlier this week, Windows Explorer wasn’t showing under the Apps heading in Task Manager’s Processes view (see lead-in graphic for example). What to do?

You can’t right click something that’s absent to get to the Restart option in the menu shown above. So I did the obvious: I launched an instance of Explorer by clicking its folder icon in the Taskbar. This launched Explorer.exe, and caused the Windows Explorer item to appear where it was needed. Then, it was simple to right-click that entry, pick Restart and forcibly restart the explorer process.

Thankfully, as it always has before, this fixed whatever was wrong with my Taskbar icons and the built-in Start Menu. I’m not sure how long this has been going on. It’s been a while since I last had this problem. But my recollection is that because the Explorer process always runs in the background — it’s necessary to support the Start Menu, Taskbar, Notification Area and Action Center — it used to appear by default under Apps in Task Manager, too. Apparently, that’s no longer the case in 19042 and 19043 builds.

I proceeded from this principle: “If no Windows Explorer shows in Task Manager Apps, then put one there.” That makes it easy to restart. ‘Nuff said.


Three-Key Method Enables Instant Screen Snip

I collect and treasure cool keyboard shortcuts. I just learned a fantastic one, from long-time TenForums Guru @Berton. He rightfully describes himself as a “Win10 User/Fixer.” If you press these three keys together (WinKey+Shift+S), you’ll launch the newfangled Snip & Sketch screen capture tool built into Windows 10, ready to capture whatever you like. I say this three-key method enables instant screen snip because there’s no need to launch the app to start the capture process in motion.

Which Three-Key Method Enables Instant Screen Snip?

I have to laugh at myself about picking up this tip from a third party. When you launch Snip & Sketch manually, the default screen that shows up is depicted in the lead-in graphic. There’s the tip, right there! (See above.)

You can launch Snip & Sketch in a variety of other ways, including:

  • from the Search box (typing “Snip &” usually suffices)
  • using the Screen Snip button in Action Center
  • entering explorer ms-screenclip: in the Search or Run boxes, or at any command line interface

What Makes the Three-Key Method Attractive/Useful?

It’s fast, easy, and happens immediately following key sequence entry. Because of my writing work, especially on Windows 10 topics, I’m capturing screens all the time. Anything that makes this faster and easier is a good thing for me. Others who labor in similar ways — tech writing or documentation, blogging, articles, and so forth — should find this equally useful.

I’m also giving myself the Homer Simpson “Doh!” award for not attending to the default app window’s poignant and informative message. It reads “Press Windows logo key + Shift + S to snip what’s on your screen without starting Snip & Sketch.” If only I’d thought about this (or tried it out sooner) I could’ve been doing this long ago.

That’s life for me these days in Windows World. I may not be first across the finish line, but I still (mostly) get to where I need to go. Tortoises rock!


Two Commands Boot Into WinRE

I had the good fortune to provide copy edit and feedback to an MS person who works with Windows 10 recovery tools recently. From the blog post involved in our back-and-forth, I learned that two commands boot into WinRE (that is, the Windows Recovery Environment). Of course, a restart is required to make this happen. It’s not like Advanced Startup in Settings → Update & Security → Recovery → Advanced Startup. That is, you won’t immediately restart your PC as you do when clicking its “Restart now” button. I almost fell over when I tried that out for the first time!

Which Two Commands Boot Into WinRE?

One I already knew about, the other is a welcome and interesting surprise. The surprising one uses a special switch for the Windows RE configuration tool — namely REAgentC. Turns out there’s a special option named “boottore” that does the trick. If you parse the string properly, it’s self-advertising: “boottore” = “Boot to R(ecovery )Environment.” Thus, that complete command is:

reagentc /boottore

The second one is a special version of the good old, familiar shutdown command. It takes two parameters–namely:

  • /r Restarts the computer after shutdown
  • /o Goes to Advanced boot options menu and restarts device, then boots into WinRE

Thus, the complete command is:

shutdown /r /o

What’re These Commands Good For?

Good question. In this modern era, transfer of control to the Windows loader often occurs extremely fast. This means that it can be difficult to impossible to interrupt the initial bootstrap process to divert over to an alternate boot menu — such as WinRE, BIOS/UEFI, boot device menus, and so forth. These commands put you in control over what happens after your next boot in advance. This has become my preferred method, because of the degree of control and guaranteed results that occur.

Shoot! Give one or both of them a try. You might come to like one or the other of them, too! For best results, run them in an administrative command prompt window or PowerShell session.


MediaCreationTool.bat Gets 21H1 Update

There’s an interesting spin on Microsoft’s Media Creation Tool available on GitHub. It’s known as MediaCreationTool.bat, and basically it allows users to build an ISO (or a bootable USB device) for any version of Windows 10 from 1507 all the way up to 21H1. By saying “MediaCreationTool.bat Gets 21H1 Update” I’m informing readers that an updated version now includes 19043 Builds (21H1).

If MediaCreationTool.bat Gets 21H1 Update, Then What?

I wrote about this tool last year for Win10.Guru where you’ll find background and info about the developer. This GitHub project throws up a menu (see center of Command Prompt window above) that lets users pick the version of Windows 10 for which they want to grab an image. As MCT has always done, it lets them apply an update to the current PC. More commonly, it also lets them create an ISO or build bootable USB media with the chosen image aboard.

A couple of steps are needed to make the batch file usable, however. First, it won’t run unless it gets a .bat extension. You can right-click the GitHub page, select “Save-as” and then make sure to pick “All files” from the File type option. Otherwise, it saves with a .txt extension which must be removed through a file rename operation. Either way, you’ll want to open the properties for this file in Explorer, then click the Unblock button to make sure the OS doesn’t prevent its execution.
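
The Unblock button clears the Zone.Identifier alternate data stream (the Mark of the Web) that the browser attached when the file was saved. The following added example, which is not part of the original post or of the MediaCreationTool.bat project, shows what that stream recorded, hashes the saved copy, and lists the hosts the script references so the file can be reviewed before the mark is removed; the Downloads path and the `-Unblock` switch are assumptions of this sketch.

```powershell
# Added example (not from the original post): review a saved batch file
# before clearing its Mark of the Web.
# Assumption: the script was saved to the current user's Downloads folder.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads\MediaCreationTool.bat'),
    [switch]$Unblock   # hypothetical switch: clear the mark after review
)

function Get-DownloadReview {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Zone.Identifier is the NTFS alternate data stream written at download time.
    $zone = @{}
    $ads  = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if ($ads) {
        foreach ($line in Get-Content -LiteralPath $Path -Stream 'Zone.Identifier') {
            if ($line -match '^(\w+)=(.*)$') { $zone[$Matches[1]] = $Matches[2] }
        }
    }

    # Hosts named in the script body: what it will contact when it runs.
    $hosts = Select-String -LiteralPath $Path -Pattern 'https?://([^/\s"''<>]+)' -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Groups[1].Value.ToLowerInvariant() } |
        Sort-Object -Unique

    [pscustomobject]@{
        Name      = $file.Name
        Extension = $file.Extension          # .txt here means the save went wrong
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        HasMotW   = [bool]$ads
        ZoneId    = $zone['ZoneId']          # 3 = Internet zone
        HostUrl   = $zone['HostUrl']         # where the browser fetched it from
        UrlHosts  = $hosts
    }
}

$review = Get-DownloadReview -Path $Path
$review | Format-List

if ($Unblock) {
    if ($review.Extension -ne '.bat') {
        Write-Warning "Extension is '$($review.Extension)'; rename the file before running it."
    }
    # Same effect as the Unblock button in the file's Properties dialog.
    Unblock-File -LiteralPath $Path
    Write-Output "Mark of the Web removed from $($review.Name)."
}
```

Recording the SHA256 value alongside the version in the file name makes it easy to tell later which revision of the script was reviewed.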

Using the Batch File Is a Snap

Then, open an Administrator: Command Prompt window, navigate to the directory where the batch file resides, and run it. I right-click the file name in explorer and grab the name from the Properties window. Then I can simply paste the string into Command Prompt to avoid re-typing. It’s what produced the lead-in graphic for this story.

Because the batch file changes each time a new Windows version comes out, you should get in the habit of visiting the developer’s home page for the script to grab the latest version. From there, click the “Raw” button to open a Web page with the latest version inside.

Click the Raw button at upper right and a web page with the script text inside will open. Then you can follow the preceding “Save” instructions for your very own copy.

I’ve gotten in the habit of naming the file to include the version number for the most current one it supports. Thus, I named the most recent such file MediaCreationTool21H1.bat. Hope that makes sense. Enjoy! Good stuff.


When WU Repairs Fail Try UUPDump

I’ve got two test machines on the Beta Channel release right now. The older of the pair — a 2014 vintage Surface Pro 3 — is stuck on KB5000842 and keeps throwing install errors. Others reporting into the TenForums thread on this update have had success using the terrific UUPdump tool to build a customized image to install 19043.906. So that’s what I’m trying, too. In general, my strategy is “When WU repairs fail try UUPDump” next anyway. Glad to see others use that strategy, too.

A couple of failures, including a complete WU reset, means it’s time to change update strategies.

Why Say: When WU Repairs Fail Try UUPDump?

The update installs fail each time with an error code of 0x800F081F. This is interesting, and a bit strange, because the error is often associated with the Windows Update Assistant, which is nowhere present in this situation. It can also pop up when items are missing from the download packages that WU delivers to the desktop.

That latter reason explains why a switchover to UUPDump makes sense. It grabs the ISO-based image for the base OS version from MS servers (19043 aka 21H1 in this case). Then, it uses DISM to apply all newer update packages up to and including the problematic KB5000842 item that’s throwing the error here. It’s perfectly safe because it uses only Microsoft Servers as the source for its OS and update files.

Building the 19043.906 ISO File

Running UUPDump to build an ISO for a patched OS takes some time because of the many and various steps involved. For the SP3 PC, it took over an hour before it got stuck mounting the image for Build 19041.1. That’s when I realized it makes sense to run UUPdump batch files on the fastest PC around.

Thus, I ran the same job on my Lenovo X1 Extreme, with its 6-core i7-8850H CPU. Given more threads and a faster CPU and much faster Samsung OEM PCIe x3 SSDs, it ran noticeably faster, though the KB5000842 cab file update still took 5 minutes to complete (click “view image” inside the lead-in graphic for this story). The whole thing still took 35 minutes from start to finish.

And it went that fast only because we have fast (nominal GbE, actual 900 Mbps or so) Internet service here at Chez Tittel. What takes the real time, however, is bringing the Windows image (.wim) file up from base level Build 19043.844 to the current/highest level Build 19043.906. This takes several steps, each one involving mounting the image, adding packages, then dismounting the image, and continuing forward. There’s some mucking around with a WinRE.wim file along the way, too.

Performing the In-Place Repair Install

This is the easy part: mount the image, run setup.exe and let the installer do its thing. This takes a while, too — considerably longer than applying the update would (checking the PC, agreeing to the EULA, checking for updates, and so forth; then finally into OS installation). This entire process took another hour or so to complete. But here’s the end result, straight from winver.exe:

All’s well that ends well: here’s Build info from the upgraded SP3, right where I want it to be.

More About UUPDump

I’ve written about UUPDump for numerous other sites, including TechTarget and Win10.Guru, both for my Windows Enterprise Desktop blog. Here are some links, if you’d like to learn more:

  1. UUPDump Invaluable Resource (TechTarget)
  2. A Peek Inside UUPDump (Win10.Guru) includes a brief interview with its developer who goes by the handle “Whatever”
  3. UUPDump Outdoes Windows Update (Win10.Guru)

Cheers!


Build 21343 File Explorer Makeover

On March 24, MS released Build 21343 to Dev Channel Insiders. I immediately heard and saw that File Explorer shows a new look, with modern iconography and a clean, spare layout. But I really didn’t appreciate how attractive things were until I produced the screencap for the lead-in graphic. While there’s no disputing Build 21343 File Explorer Makeover sounds nice, it’s amazing to experience first hand.

Indeed, Build 21343 File Explorer Makeover Is Real

The top-line toolbar gets a new set of icons that include new UI elements seen elsewhere. For example, the Settings icon at middle top is spiffed up. It now matches the one used in the Start Menu and elsewhere in Dev Channel and other Windows 10 versions. The default folders (formerly known as Libraries) get compelling new icons. Compare them to the folder icons from Build 19042.868 on my production PC. Note that the seldom-used 3D Objects folder — I’ve never used it once myself — also disappears from view.

The old Folder icons (shown preceding) seem flat, monochromatic, and boring compared to the new ones up top.

Bigger, Bolder Icons Offer More Visual Impact

Even the Network view in File Explorer gets a more interesting and appealing look and feel, as the next screenshot shows quite nicely. Up until now I’d been inclined to take breathless hype surrounding the upcoming “Sun Valley” Windows 10 redesign with a grain or two of salt. Now, seeing the way that File Explorer pops with just a bit of that fairy dust applied, I’m rethinking my enthusiasm.

There may indeed be something interesting and — as Panos Panay put it for upcoming Windows 10 changes at the recent Ignite conference — “exciting” going on here. We still have no choice but to wait and see how future Dev Channel releases play this out. But I am now inclined to be more curious and to look forward more positively for what may be coming next. We’ll see!

The New Network icons also offer more pop and pizazz.


Lenovo Vantage Updates Take Patience

Here’s a sticky situation I’ve found myself in more than once. I’m reasonably fond of the Lenovo Vantage update tool, which handles BIOS, firmware, driver and ancillary software updates pretty well. Occasionally, two or more updates requiring a reboot appear together therein. That’s what happened today, as an Intel Management Engine (IME) firmware update and a BIOS update appeared in tandem. It’s also what reminded me that Lenovo Vantage updates take patience.

Why Say: Lenovo Vantage Updates Take Patience?

This doesn’t happen with Windows Update, but when you’re applying low-level updates to a system, items that require a reboot must be applied one at a time. I’ve learned this working with Vantage over the past few years. If a firmware update and a BIOS update show up on the same day, it’s best to download and install one by itself. Then, repeat for the second item.

What happens if you try to do more than one? When you attempt to install the second item with a reboot pending, installation fails because it is smart enough to recognize that two separate and distinct reboots are needed.

I don’t always remember this, so I got bitten today when Vantage finished the pre-reboot phase of the BIOS update and transitioned into the IME update. As soon as the IME update got going, it stopped itself and reported an error. Part of the text read “An installation failed to complete properly. Please reboot and try again.”

The Reboot’s the Thing

Of course, as soon as the reboot got through shutdown and into restart, the BIOS update ran to completion and the system rebooted again. After that reboot, I returned to Vantage to generate the lead-in graphic for this story that shows the IME firmware update still pending. As soon as I clicked install, I got an explicit reboot warning, to wit:

If I’d run the sequence IME first, BIOS second, I’d have seen this warning right away, and not been caught in an error. Sigh.

In general, it’s a good idea to make firmware and BIOS changes piecemeal anyway. You don’t want more than one thing at a time to blow up. That could complicate troubleshooting beyond belief. That’s NOT what anyone wants when making deep-level system changes.

Live and learn — or in my case, keep living and get an occasional reminder. Cheers!


Windows 10 Driver Go-To Tool DriverStore Explorer

I’ll confess. I’ve been a fan of lostindark’s DriverStore Explorer tool for a decade or more now. Aka RAPR.exe, this tool lays bare the complete contents of the Windows DriverStore for versions 7 and newer. It also makes it pretty easy to clean up old drivers, thanks to its “Select Old Driver(s)” (SOD) button. That’s what makes DriverStore Explorer my main Windows 10 driver go-to tool. Accept no substitutes!

Windows 10 Driver Go-To Tool DriverStore Explorer Shows ALL Drivers

If you look at the lead-in graphic for this story, you’ll see 8 copies of the same Intel Bluetooth driver installed on my Lenovo X1 Extreme (Gen 8) laptop. Three older versions of the same driver are also present. When I click the SOD button, 6 copies of the 1/22/2021 driver get marked, along with all 3 2020 versions. When I then click the “Delete Driver(s)” button, and confirm that instruction, exactly 2 copies remain behind. Because they’re different sizes — one is 2 MB, the other 6 MB — I conclude they’re different even though they share a common filename. All the rest of them (31 MB total) are gone.

Some Drivers Are Special Cases

Sometimes, when you use the SOD button, a selected driver won’t be deleted. Typically, that means the still-present item is in use, despite being older than something else also present in the DriverStore. You can force deletion on such items, but are risking system instability by doing so. I recommend against this unless you’re dead sure the newer driver will work correctly.

Even so, I typically recover anywhere from 50MB to several GB of disk space when I use RAPR to clean out my Windows 10 DriverStores. Nvidia graphics drivers are particularly big space consumers (and generally run from 900 MB to 1.1 or 1.2 GB in size). Cleaning up a half-dozen of these can recover some real space.

Try it for yourself. You can’t help but like it. Visit the GitHub page for more information and the most current download. As I write this story, that version is numbered v0.11.64.

 


USB Cables Make Amazing Differences

A couple of weeks ago, I read an online item bemoaning the variations in USB cables, especially those with USB-C connectors on one or both ends. This weekend, I experienced this phenom for myself. I also learned that the right USB cables make amazing differences in speed/throughput.

In the lead-in screenshots above, CrystalDiskMark speeds for the same device appear at left and right. To the left is the US$26 Fideco M.2 NVME External SSD Enclosure – USB 3.1. It’s linked to my Lenovo Yoga X390 through its USB 3.1 port using the vendor-supplied cable. Inside is the Sabrent 1TB Nano M.2 2242 SSD I’ve been writing about a lot lately. To the right everything is identical except I used a USB 3.1 Gen 2 cable. It’s rated at “up to 10 GBPS.”

No Lie: USB Cables Make Amazing Differences

Why on earth would the equipment vendor ship such a POS cable with an otherwise capable NVME enclosure? Speed results for the in-box cable (right) versus a US$7 cable purchased from Amazon differ starkly. For bulk transfers, the Amazon cable is 10 or more times faster. For 4K random reads and writes (bottom two rows), it’s between 6 and 7 times faster for queue depth = 32. That drops to 2 to 3 times faster for queue depth = 1.

Clearly, this is a red flag. It tells us that faster USB-C cables can speed peripheral I/O significantly. It also indicates that one should know what kinds of cables to buy. I got the speed-rated cables so I could see if they did make a difference. Little did I know I would actually benefit greatly from this experiment.

Wrinkles in the Plug-n-Play Experience

The question with USB-C cables is not “Will it work?” Rather, it should be “How fast does it go?” I’ve just learned that big differences sometimes present themselves. Testing your devices is the only way to confirm what kind of performance you’re getting. In my case, it quickly showed me that a high-speed USB-C cable is a worthwhile expense.

FWIW, this experiment also explained some of the cost differential between the US$26 Fideco unit linked above and the US$45 Sabrent units I also own. The latter ships with USB-C 3.1 Gen 2 cables that perform on par with the speed-rated cables I mentioned near the outset of this story. The NVME enclosures are more or less on par performance wise. That’s NOT true for the in-box USB-C cables, though. There, indeed, you get what you pay for!


Author, Editor, Expert Witness