
There is no feature to refer a quarantined file to Microsoft for analysis directly. Why not add one?


In response to ticket TrackingID#2312150050002027, technical support advised, 'Customer can restore the quarantined file (by adding exclusion to that folder if required) and submit it to WDSI for analysis via - Submit a file internally - Microsoft Security Intelligence. If you feel this is not helpful, you can submit your "Product Feedback" here'

In this case, a series of factors, including user unavailability, errors, and failure of the 'Collect file' feature resulted in loss of the samples when the 30-day quarantine limit was reached. It was later determined that the detection was a false positive, making this unnecessary data loss caused by Defender.

A useful sample submission feature should be:

i) usable without disabling protection (adding an exclusion for a folder so that suspected malware can be restored there carries risk)

ii) easy to use

iii) where multiple sample files are involved, allow selection of which ones to submit, e.g. where some contain personal data

iv) well documented
