Feb 06 2024 09:42 AM
In response to ticket TrackingID#2312150050002027, technical support advised, 'Customer can restore the quarantined file (by adding exclusion to that folder if required) and submit it to WDSI for analysis via - Submit a file internally - Microsoft Security Intelligence. If you feel this is not helpful, you can submit your "Product Feedback" here'
In this case, a series of factors, including user unavailability, errors, and failure of the 'Collect file' feature, resulted in loss of the samples when the 30-day quarantine limit was reached. It was later determined that the detection was a false positive, making this unnecessary data loss caused by Defender.
A useful sample submission feature should be:
i) usable without disabling protection (adding an exclusion for a folder so that suspected malware can be restored there carries risk)
ii) easy to use
iii) where multiple sample files are involved, allow selection of which ones to submit, e.g. where some contain personal data
iv) well documented
Feb 09 2024 10:58 AM
May 15 2024 09:23 AM