Forum Discussion
Allan_Dyer
Feb 06, 2024 Copper Contributor
There is no feature to refer a quarantined file to Microsoft for analysis directly. Why not add one?
In response to ticket TrackingID#2312150050002027, technical support advised, 'Customer can restore the quarantined file (by adding exclusion to that folder if required) and submit it to WDSI for anal...
JeremyTBradshaw
May 15, 2024 Iron Contributor
I think I'm encountering the same problem as what you're describing here.... I uploaded an HTML file which was an attachment on an email which also was saved to OneDrive, where it was detected by MDO as Malicious. I used Standard urgency and it went unanswered for over a week (and counting). By the 3-day point I submitted the same file again as High (only allowed 3 per day per tenant), and a day later I get this back:
SubmissionId: cf8504a3-9ef8-4d36-9d94-ecc5c0df80dc (and earlier one was 9ee0c08b-4ab7-48a4-ad1b-dbea5782d970)
"Researcher comment
The submitted files do not meet our criteria for malware or potentially unwanted applications. No detection will be added for these files. More detailed information about the approach and criteria categories currently used by the Microsoft researchers are available here: https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria Thank you for contacting Microsoft."
Not sure I follow and so I've opened an MS Support case to get clarification. Not sure what I could be doing wrong. I've submitted a detected-as-malware file using Defender Portal > Submissions > Files, where it allowed me to upload the file (twice) and didn't complain whatsoever in the process. Maybe the product should be more clear. The linked article in the researcher's comment doesn't give any clarity to me at all about what I could have done wrong here.
In my case, I obtained the file from the ZAPPED email which I downloaded from the Quarantine. It was an HTML file (13MB), and I uploaded that using Submissions > Files. BTW, on the local computer, scanning this file with Defender AV results in "No threats found".