Oct 12 2023 03:41 AM - edited Oct 12 2023 03:41 AM
Is there anyone who could help me with submission files for MDE support?
There is a detection of our PowerShell monitoring script. It is detected by the AMSI module. I submitted the PowerShell script directly from an alert in the Microsoft 365 Defender portal. There was a reply: "We cannot reproduce any detection on the file..mpcmdrun.exe -GetFiles All created log files will be compressed into MPSupportFiles.cab . Please send us the detected file and MPSupportFiles.cab using https://aka.ms/wdsi ."
So I did as they asked, but my submission was rejected with the comment: "Your submission has been rejected due to too many files."
MPSupportFiles.cab was generated by Defender. I don't know how to submit fewer files.
Oct 12 2023 05:47 AM
Hi @TomasCinko,
here are a few things you can do to try to submit your MDE support files without getting the "too many files" error:
Once you have split the MPSupportFiles.cab archive into multiple files, you can submit them to Microsoft using the https://aka.ms/wdsi link.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
Oct 12 2023 02:54 PM
Hi @LeonPavesic,
thanks for your reply. I unzipped the cab file, then I removed some files, and finally I created the cab (CabMaker) again with fewer files. It was hard to decide what to delete. It wasn't about the cab file size but about a lot of small files, I mean the reason for the rejection.
I'm attaching a picture of those files. Do you know what these are for? Is it OK to delete them? There were more than a thousand files.
I hope that support won't tell me that something is missing. If it is fine, I will mark your reply as best response.
Oct 13 2023 12:16 AM
Hi @TomasCinko,
thanks for your update and the screenshot with the list of files.
The screenshot you sent shows a list of files in a CAB archive. The files are all related to Microsoft Defender for Endpoint (MDE).
Here is a short description:
The other files in the CAB archive are all related to MDE, but they are not as important as the files listed above.
If you are trying to reduce the size of the CAB archive, you can delete the following files:
Once you have deleted the unnecessary files, you can create a new CAB archive using the CabMaker tool.
Please note that I am not an official Microsoft support engineer, so I cannot guarantee that the support team will accept your submission if you delete any of the files in the CAB archive.
Kindest regards,
Leon Pavesic