Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus in Windows 11 – Windows Blog by Brink

Microsoft Defender Antivirus is antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Cloud-delivered protection and automatic sample submission work together with Microsoft Defender Antivirus to help protect against new and emerging threats.

If a suspicious or malicious file is detected, a sample is sent to the cloud service for analysis while Microsoft Defender Antivirus blocks the file. As soon as a determination is made, which happens quickly, the file is either released or blocked by Microsoft Defender Antivirus.

If Microsoft Defender Antivirus cannot make a clear determination, file metadata is sent to the cloud protection service. Often within milliseconds, the cloud protection service can determine from the metadata whether the file is malicious or not a threat.

After examining the metadata, if Microsoft Defender Antivirus cloud protection cannot reach a conclusive verdict, it can request a sample of the file for further inspection. This request honors the settings configuration for sample submission:

  • Send safe samples automatically (default)
    • Safe samples are samples considered not to commonly contain PII data, such as .bat, .scr, .dll, and .exe files.
    • If a file is likely to contain PII, the user will get a request to allow file sample submission.
    • This option is the default on Windows, macOS, and Linux.
  • Always Prompt
    • If configured, the user will always be prompted for consent before file submission.
    • This setting isn’t available in macOS cloud protection
  • Send all samples automatically
    • If configured, all samples will be sent automatically.
    • If you would like sample submission to include macros embedded in Word docs, you must choose “Send all samples automatically”.
    • This setting isn’t available on macOS cloud protection
  • Do not send
    • Prevents “block at first sight” based on file sample analysis.
    • “Do not send” is equivalent to the “Disabled” setting in macOS policy.
    • Metadata is sent for detections even when sample submission is disabled.

This tutorial will show you how to enable or disable automatic sample submission for Microsoft Defender Antivirus in Windows 11.
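
One way to check and change this setting from an elevated PowerShell prompt, as an added example that is not part of the original tutorial. It uses the Defender module's `Get-MpPreference` and `Set-MpPreference` cmdlets; the helper names `Get-SampleSubmissionSetting` and `Set-SampleSubmissionSetting` are hypothetical and introduced only for this example.

```powershell
# Added example: maps the numeric SubmitSamplesConsent preference to the
# four option names listed above. Run in an elevated PowerShell session.
$SampleSubmissionOptions = @{
    0 = 'Always Prompt'
    1 = 'Send safe samples automatically'
    2 = 'Do not send'
    3 = 'Send all samples automatically'
}

# Hypothetical helper: report the current setting in readable form.
function Get-SampleSubmissionSetting {
    $value = [int](Get-MpPreference).SubmitSamplesConsent
    [pscustomobject]@{
        Value  = $value
        Option = $SampleSubmissionOptions[$value]
        # "Do not send" prevents block at first sight based on sample analysis.
        SampleAnalysisAvailable = ($value -ne 2)
    }
}

# Hypothetical helper: change the setting by option name, then read it back.
function Set-SampleSubmissionSetting {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Always Prompt', 'Send safe samples automatically',
                     'Do not send', 'Send all samples automatically')]
        [string]$Option
    )
    # Look up the numeric value that corresponds to the chosen option name.
    $value = ($SampleSubmissionOptions.GetEnumerator() |
              Where-Object Value -eq $Option).Key

    if ($PSCmdlet.ShouldProcess('Microsoft Defender Antivirus',
            "Set SubmitSamplesConsent to $value ($Option)")) {
        Set-MpPreference -SubmitSamplesConsent $value
    }
    if ($value -eq 2) {
        Write-Warning 'Sample submission is off; metadata is still sent for detections.'
    }
    # Read the value back so the caller can confirm the change took effect.
    Get-SampleSubmissionSetting
}

# Show the current setting, then restore the Windows default.
Get-SampleSubmissionSetting
Set-SampleSubmissionSetting -Option 'Send safe samples automatically'
```

Add `-WhatIf` to `Set-SampleSubmissionSetting` to preview the change without applying it.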
