How to Submit Malicious Samples to Microsoft Security Team
Windows Security Reference: Bing.com


Anti-malware products are getting smarter and more advanced, and they are capable of detecting and removing unknown or 0-day malware. Several algorithms and methods help detect unknown and suspicious files, and the Microsoft anti-malware engine (such as Microsoft Defender) comes with technologies such as cloud-delivered protection, where it connects to Microsoft servers to check suspicious behavior and, if a file behaves like malware, detects and blocks it. Anti-malware companies are working to improve their detection engines, and we shouldn't forget that cybercriminals and malware authors are also working on new methods to bypass detection. This is an ongoing battle between cybersecurity experts and cybercriminals.

Sometimes you, as an IT administrator, might come across undetected malware that is not detected even by an up-to-date anti-malware product. The common approach is to search for ways to detect and remove it, or to file a support ticket. You will end up getting rid of the malware, but normally the actual sample is destroyed, and there is a risk that the same method will be used to harm other users or companies. Therefore, as an IT professional, it is really important to submit samples of undetected malware to the anti-malware vendor.

First, always find out how the malware got into your system. It could be through an email, a malicious link, external storage or another route. If you observe a malicious link (it could be a link that contains malware or a phishing website), you may report it directly to Microsoft. You may also collect a list of these malicious links and submit them using Report an unsafe site - Microsoft Security Intelligence.


Sharing information about malicious websites contributes a lot to detecting and discovering new threats and malware. However, if you have a malware sample that is not detected by the Microsoft anti-malware engine, you may submit the sample to the Microsoft anti-malware team. When you submit the sample, if it is already known and a signature is available, you will get a notification with the signature version that detects the malware, and you will have to update the signature. In some cases, the signature is still being tested but cloud protection is able to detect the malware. In this case, you have to enable cloud protection and connect to the internet to detect and remove it. In other cases, the malware is totally unknown, and the Microsoft anti-malware team will investigate and develop a signature to detect and remove it. This way, you are not only protecting your company: your sample might help protect thousands or millions of connected devices worldwide. If you want to submit a malware sample, have a look at Submit a file for malware analysis - Microsoft Security Intelligence.
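The two follow-up checks described above (is the installed signature at least the version named in Microsoft's notification, and is cloud protection enabled) can be run on the endpoint with the Defender PowerShell cmdlets. This is an added example, not part of the original article; `$RequiredSignatureVersion` is a placeholder for the version quoted in the reply you receive.

```powershell
# Added example, not from the original article.
# $RequiredSignatureVersion is a constructed placeholder: replace it with the
# signature version stated in Microsoft's response to your submission.
param(
    [version]$RequiredSignatureVersion = '1.0.0.0'
)

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
$cloudEnabled = $pref.MAPSReporting -ne 0
$installed    = [version]$status.AntivirusSignatureVersion

# Summary of the state that matters after a submission.
[pscustomobject]@{
    InstalledSignature = $installed
    SignatureUpdated   = $status.AntivirusSignatureLastUpdated
    RequiredSignature  = $RequiredSignatureVersion
    SignatureCurrent   = $installed -ge $RequiredSignatureVersion
    CloudProtection    = $cloudEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
} | Format-List

# Case 1: a signature exists but this machine has not picked it up yet.
if ($installed -lt $RequiredSignatureVersion) {
    Write-Host 'Installed signature is older than the required version; updating...'
    Update-MpSignature
    $installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
    if ($installed -lt $RequiredSignatureVersion) {
        Write-Warning "Still on $installed after the update; check connectivity to the update source."
    }
}

# Case 2: detection is only available through cloud protection.
if (-not $cloudEnabled) {
    Write-Warning 'Cloud protection is off. Enable it with: Set-MpPreference -MAPSReporting Advanced'
}
```

Run it from an elevated PowerShell session on the affected machine; the cloud check only helps if the device can also reach the internet.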
