DarryRamai
Aug 03, 2023

Submitting quarantined file for analysis

Hi, Microsoft Defender for Endpoint has detected & quarantined a .log file in the C:\Windows\System32\LogFiles\HTTPERR folder on a Windows Server 2016 computer. I need to submit the file to Microsoft either from the Microsoft 365 Defender Portal or using Microsoft's Sample Submission Portal (https://www.microsoft.com/en-us/wdsi/filesubmission/) for analysis, but how do I safely get the file out of quarantine to send off to Microsoft? I've already tried creating an MPSupportFiles.cab file by running the command 'mpcmdrun.exe -GetFiles', but after submitting to the Sample Submission Portal, I got a status: "Your submission has been rejected due to too many files. For your submission to be analyzed, resubmit fewer files or remove files from any archives you sent. Only include files that need analysis."

If I use the 'Collect file' option from the alert details in Microsoft 365 Defender portal, I get: "This action applies only to files seen in the last 30 days in your organization on devices with Windows 10 Creators Update or newer"

If I select the 'Deep Analysis' option, I get: "File type not supported

Deep analysis currently supports analysis of portable executable (PE) files (for example, .exe and .dll files)"
