
About Malware Samples Sent To Microsoft?

Anonymous
2026-03-11T00:02:48.2566667+00:00

What does Microsoft do with malware samples sent to them? Does somebody from Microsoft get in contact with the company who is listed in the malware sample(s)? Does Microsoft send law enforcement to the company who is listed on the malware sample? Is Microsoft allowed to force a company to remove their free downloadable files/programs that contain computer viruses? What does Microsoft do with an infected Windows 11 ISO file that was sent to them, after many experts claim there are many infected Windows 11 ISOs on offer, and once installed it's game over for the computer? I have sent a malware sample to Microsoft and still no word yet on what that sample had in it.

Windows for home | Windows 11 | Security and privacy

Answer accepted by question author
  1. Q&A Assist
    2026-03-11T00:03:04.9866667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    When malware or suspicious files are sent to Microsoft, they are used for security analysis and to improve protection technologies, not for direct contact with the software publisher in most cases.

    1. What Microsoft does with submitted malware samples
    • Samples are analyzed by Microsoft’s security systems and researchers to determine whether they are malicious, clean, or incorrectly detected.
    • The results are used to:
      • Improve Microsoft Defender Antivirus and other Microsoft Defender protections.
      • Update malware signatures and cloud-based protections so that other customers are protected.
    • For Defender products, suspicious files can also be automatically submitted via cloud protection and automatic sample submission; the file is analyzed in the cloud and then either allowed or blocked based on the determination.

    Relevant mechanisms include:

    • Cloud protection and automatic sample submission in Microsoft Defender Antivirus: when a suspicious or malicious file is detected, a sample is sent to the cloud service for rapid analysis while the file is blocked. Once a determination is made, the file is either released or kept blocked.
    • Manual submissions via the Microsoft Security Intelligence sample submission portal, or via the Submissions page in the Microsoft Defender portal for organizations.
    2. Does Microsoft contact the company listed in the malware sample?
    The provided information describes analysis and protection actions only. It does not describe any standard process where Microsoft contacts the company named in or associated with a submitted sample.
    3. Does Microsoft send law enforcement to the company listed in the malware sample?
    • The anti-malware FAQ states that Microsoft’s service focuses on spam and malware detection and removal.
    • Microsoft may occasionally investigate especially dangerous or damaging spam or attack campaigns and “often work with our legal and digital crime units” to:
      1. Take down a spam botnet.
      2. Block an attacker from using the service.
      3. Pass information on to law enforcement for criminal prosecution.
    • This is described at a campaign/attacker level, not as an automatic consequence of every individual sample submission.
    4. Can Microsoft force a company to remove free downloadable files/programs that contain viruses?
    The context only states that Microsoft focuses on detection and removal in its own services and products, and that it can block attackers from using the service or work with law enforcement. It does not describe any general power to “force” a third-party company to remove files from its own distribution channels.
    5. What happens with an infected Windows 11 ISO file that is submitted?
    • From Microsoft’s perspective, an infected ISO is treated as a suspicious or malicious file:
      • If submitted through the sample submission portal, it is analyzed like any other sample.
      • If Defender detects it locally, cloud protection and sample submission can send it for analysis while blocking it.
    • After analysis, Microsoft can update Defender signatures and cloud protection so that:
      • The infected ISO is detected and blocked on other systems.
      • Clean ISOs are not incorrectly flagged.

    The documentation does not describe any special or different handling for ISO files beyond this general process.
    6. Why no response yet about a submitted sample?
    • When a file is submitted via the Microsoft Security Intelligence sample submission portal, signing in allows tracking of submissions and receiving analysis updates.
    • The documentation states that after Microsoft receives the sample, it is investigated and, if determined to be clean, corrective action is taken to prevent future incorrect detections. It does not guarantee a specific response time or that detailed per-sample reports will always be sent.

    To ensure status visibility on future submissions:

    • Use the sample submission portal while signed in with a Microsoft work, school, or personal account so submissions can be tracked.

0 additional answers
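
Added example, not part of the question or the accepted answer and not Microsoft's code: the answer refers to cloud protection and automatic sample submission in Microsoft Defender Antivirus, and the PowerShell below reads those two settings with `Get-MpPreference` and reports whether suspicious files leave the machine automatically. The function name `Get-SampleSubmissionPosture`, the constructed fallback object, and the treatment of automatic submission as dependent on cloud protection being enabled are assumptions made for illustration.

```powershell
# Added example: interpret the two Defender preferences behind cloud
# protection and automatic sample submission.
function Get-SampleSubmissionPosture {
    param(
        # Any object exposing MAPSReporting and SubmitSamplesConsent,
        # for example the output of Get-MpPreference.
        [Parameter(Mandatory)] $Preference
    )

    # Value names as used by Set-MpPreference.
    $mapsNames    = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
    $consentNames = @{ 0 = 'AlwaysPrompt'; 1 = 'SendSafeSamples'
                       2 = 'NeverSend';    3 = 'SendAllSamples' }

    $maps    = [int]$Preference.MAPSReporting
    $consent = [int]$Preference.SubmitSamplesConsent
    $cloudOn = $maps -ne 0

    # Assumption: a sample is only sent automatically when cloud
    # protection is on AND consent is one of the two "send" values.
    $autoSubmit = $cloudOn -and ($consent -in 1, 3)

    $note = if (-not $cloudOn) {
        'Cloud protection is off; suspicious files are not sent for cloud analysis.'
    } elseif ($consent -eq 2) {
        'Samples are never sent; manual submission through the portal is the only route.'
    } elseif ($consent -eq 0) {
        'The user is prompted before a sample is sent.'
    } else {
        'Suspicious files are submitted automatically for analysis.'
    }

    [pscustomobject]@{
        CloudProtection    = if ($mapsNames.ContainsKey($maps)) { $mapsNames[$maps] } else { "Unknown ($maps)" }
        SampleConsent      = if ($consentNames.ContainsKey($consent)) { $consentNames[$consent] } else { "Unknown ($consent)" }
        AutoSubmitsSamples = $autoSubmit
        Note               = $note
    }
}

# Use the live settings when the Defender module is present; otherwise
# fall back to a constructed sample so the function can still be exercised.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    Get-SampleSubmissionPosture -Preference (Get-MpPreference)
} else {
    $constructed = [pscustomobject]@{ MAPSReporting = 2; SubmitSamplesConsent = 2 }
    Get-SampleSubmissionPosture -Preference $constructed
}
```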
