Allow a generic user to clear a malware detection warning.

What are they doing that they are getting malware? Are they patched?
Are users doing things besides "cashiering"?

fix the source of the problem not try and work around the problem. A cashier running only a POS application. It should be running in kiosk mode

They are just running a cloud based website called Titan for school lunches.  Here is the pop up and the malware that it detected and removed.

20210819_122031.jpg20210819_122140.jpg

why are you running the MRT tool and not windows defender?

Yes, I would not use that tool its not going to provide sufficient protection from viruses or malware threats either nor am I fully familiar with it and it is not "intended to replace the AV fully" per Microsoft. Stick to the built-in W10 Defender. Or consider not using Defender or another AV application as well. Make sure you show them how to run an AV scan or know what W10 Defender is often users are not aware of the AV on their systems nor how they work nor what the alerts or pop-up messages mean or what to do other than contact you and help run a full scan if they thought they were seeing malware double-check and run a full W10 Defender offline scan as well. If malware is being detected then leverage Malwarebytes.

https://support.microsoft.com/en-us/topic/remove-specific-prevalent-malware-with-windows-malicious-software-removal-tool-kb890830-ba51b71f-39cd-cdec-73eb-61979b0661e0

MRT.exe had to be running by default because we did not turn it on per se.  Can I just delete the MRT.exe file to kill it?  Is there an uninstall for it?

Weird. So they thought there was malware because the MRT tool popped up. I could not find it documentation-wise nor uninstaller tool but could have missed it. I've never uninstalled MRT before, there are some tips from the Microsoft Community that could help further:

• MSRT | Microsoft Community

The task is called kb890830?  Not seeing it.

Thanks.

Not that I want to do this...but turning off windows defender disable MRT?

Mrt is not part of defender...
It is a stand alone manual run scanner...

C:\Windows\System32 does it show up there?

Do not disable W10 Defender.  They are separate.

MRT.exe is in the system32 folder.  What I have done to a few PCs is delete that executable and see if that prevents it from running again.  Not to say Microsoft can put it back there on another update.

It isn't the executable that is the issue. Someone has set it to run periodically...
As other said, look in scheduled tasks and see if it is listed there...

I  agree with scott it is in the scheduled tasks

Go to and search for the Task Scheduler. It does sound like a scheduled task as David and Scott stated above, it may be under a different name, the task is not called kb890830 perhaps you may need to look at the details section of the tasks set up, then simply delete the task or disable it if it is no longer needed.

I have decided that I am going to block the application through Group Policy.  Thanks everyone for your insightful and excellent input and hope you all have a great rest of your week.