Defender AntiVirus Safe Sample submission

Nils 1 Reputation point
2021-09-01T13:08:18.603+00:00

Hi everyone,

with Defender AntiVirus Cloud Protection Service (formerly MAPS or Spynet) you can submit samples to MS for in-depth malware analysis.

The article https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission?view=o365-worldwide says: "Safe samples are samples considered to not commonly contain PII data like: .bat, .scr, .dll, .exe."

According to my own test, html files are transmitted to Microsoft as safe samples as well. So is there a list of all file endings considered as safe samples?

Thanks,
Nils


1 answer

  1. Limitless Technology 39,931 Reputation points
    2021-09-01T16:10:24.867+00:00

    Hi @Nils

    As the safe samples are sent automatically requested by the Defender for Endpoint antivirus cloud protection, the most matching format is .html. Only when it fails we might Manual File Sample Collection by Security Admin from Defender for Endpoint Management Portal, and you would use a script to do it, so .reg might also be a safe sample format.

    Hope this answers all your queries; if not, please do repost back.
    If an answer is helpful, please click "Accept Answer" and upvote it :)
