The MDECloudProtectionDemoTest file from the Cloud-Delivered Protection demo is a safe, fake malware sample provided by Microsoft specifically to test Microsoft Defender Antivirus cloud protection. It is not real malware.
When cloud-delivered protection and required connectivity are working, Microsoft Defender Antivirus should detect and block that sample when it is downloaded. The expected behavior is:
- A warning notification from Microsoft Defender Antivirus that the file was detected and blocked.
- If using Microsoft Edge or Internet Explorer, an additional browser notification.
- An entry in Windows Security → Virus & threat protection → Protection history under Quarantined threats.
If the file downloaded and no detection occurred, that indicates the cloud-delivered protection path is not behaving as expected, not that the file itself is dangerous. The file is intentionally harmless and designed only to verify protection.
Actions to take:
- Verify cloud-delivered protection and sample submission are turned on:
  - Start → Settings → Update & Security → Windows Security → Virus & threat protection → Manage settings.
  - Ensure Cloud-delivered protection and Automatic sample submission are On.
- Validate Defender cloud connectivity:
  - Open an elevated PowerShell or Command Prompt.
  - Run:

    ```
    cd "C:\Program Files\Windows Defender"
    .\MpCmdRun.exe -ValidateMapsConnection
    ```
  - This checks that Defender can reach the cloud protection service.
- Confirm Defender platform and intelligence are current:
  - In an elevated PowerShell:

    ```
    Get-MpComputerStatus | Format-Table AMProductVersion, AntivirusSignatureVersion, AMEngineVersion
    ```
  - Compare against the latest versions listed in the Microsoft Update Catalog and Microsoft Security Intelligence pages referenced in the context.
- Re-test the demo after confirming the above. If it still is not detected but all settings and connectivity are correct, treat it as a false negative scenario.
- For a false negative, submit the file to Microsoft for analysis using the official submission channels referenced in the documentation. This is optional for this particular demo file (because it is known safe), but it is the correct process if Defender is not detecting test or real samples as expected.
There is no need to be concerned about the MDECloudProtectionDemoTest file itself; it is a Microsoft-provided fake sample and is not harmful. Focus on verifying and correcting Defender cloud protection configuration and connectivity rather than worrying about that file.
References:
- Configure and validate Microsoft Defender Antivirus network connections
- Troubleshoot problems with detecting and removing malware
- Evaluate Microsoft Defender Antivirus using Microsoft Defender Endpoint Security Settings Management (Endpoint security policies)
- Cloud protection and sample submission at Microsoft Defender Antivirus
- Protect your PC from unwanted software
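
The checks in the steps above can be collected into one read-only PowerShell function. This is an added example, not part of the original answer or Microsoft's documentation; the function name `Test-DefenderCloudProtection`, the `MaxSignatureAgeDays` threshold, and the treatment of a non-zero `MpCmdRun.exe` exit code as a connectivity failure are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check of the Defender cloud protection items listed above.
function Test-DefenderCloudProtection {
    param(
        # Assumption: security intelligence older than this many days counts as stale.
        [int]$MaxSignatureAgeDays = 3
    )
    $pref     = Get-MpPreference
    $status   = Get-MpComputerStatus
    $findings = [System.Collections.Generic.List[string]]::new()

    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
    if ($pref.MAPSReporting -eq 0) {
        $findings.Add('Cloud-delivered protection is off (MAPSReporting = 0).')
    }
    # SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples automatically,
    # 2 = never send, 3 = send all samples automatically.
    if ($pref.SubmitSamplesConsent -notin 1, 3) {
        $findings.Add("Automatic sample submission is off (SubmitSamplesConsent = $($pref.SubmitSamplesConsent)).")
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Security intelligence is $($status.AntivirusSignatureAge) days old.")
    }

    # Same connectivity test as the manual step, using the path given on the page.
    $mpCmdRun   = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    $mapsOutput = ''
    if (Test-Path $mpCmdRun) {
        $mapsOutput = (& $mpCmdRun -ValidateMapsConnection 2>&1 | Out-String).Trim()
        # Assumption: a non-zero exit code means the cloud service was not reachable.
        if ($LASTEXITCODE -ne 0) {
            $findings.Add("ValidateMapsConnection failed (exit code $LASTEXITCODE).")
        }
    } else {
        $findings.Add("MpCmdRun.exe not found at $mpCmdRun.")
    }

    [pscustomobject]@{
        AMProductVersion          = $status.AMProductVersion
        AntivirusSignatureVersion = $status.AntivirusSignatureVersion
        AMEngineVersion           = $status.AMEngineVersion
        MapsConnectionOutput      = $mapsOutput
        Findings                  = $findings.ToArray()
        Healthy                   = ($findings.Count -eq 0)
    }
}

Test-DefenderCloudProtection | Format-List
```

If `Healthy` is `True` and the demo file is still not detected, that matches the false negative scenario described in the answer.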