If you suspect a file to be or contain malware, you can submit it to Microsoft for analysis. Use the procedure at the end of this topic in order to prepare these files for submission.
You can use one of the following methods to submit malware files to Microsoft for analysis:
- Submitting files through
files through Microsoft Customer Support Services
- Submitting files
through the Administrator Console
Submitting files through e-mail
To send files to Microsoft for analysis, use the following e-mail address:
To prepare an archive file that contains the files that you want to submit, follow the steps in Preparing files for submission. Attach the archive file to the e-mail message. When you submit the file, make sure that you include the following data:
- Your name, e-mail address, and telephone
Microsoft sends all responses to the e-mail address that you use to submit the files. When you submit the archive file, Microsoft processes the file and then sends a determination of the files that it contains, based on the current Microsoft malware definitions. If it is necessary, adjust your incoming mail filters to ensure that you receive this message.
If you want to add additional e-mail contacts to receive updates about the status of the submission, include these contacts in the original e-mail. Also, add the following note in the body of the message: "Please Reply All".
- Sample type
If the submission includes files that you believe were incorrectly determined to be malware, add the words "False Positive" to the e-mail subject line; otherwise, the files are assumed to be malware.
- Support case number (optional)
A support case number is not required to submit files for analysis. However, if a support case is already open for this submission, you can include the case number on the subject line of the message.
- List of scan engines
The names of all scan engines that you are using.
- Forefront server products that you are
List the Forefront server products that you are using, for example, Forefront Protection 2010 for Exchange Server (FPE).
- Platform information
Indicate the platform on which the suspect malware was found. For example, this might be Windows Vista, Windows Server 2003, Windows 2000, or another version of Windows.
- Description of the malicious activity
Describe what the file did to make you suspect that it was malware.
About the response message
- After you submit malware files by e-mail, we
send you a response to confirm the receipt of the submission. We
then follow up with the results of our analysis and with responses
from our partners. If you want more frequent updates through sample
review, such as for high-priority submissions, it is recommended
that you open a support case.
Submitting files through Microsoft Customer Support Services
Microsoft Customer Support Services can submit files on your behalf. If you have an urgent malware situation that FPE does not address, or if it is after regular business hours, it is recommended that you contact Customer Support Services for help. To do this, use the support information that was provided to you when you purchased FPE, or visit the following Microsoft Web site:
Submitting files through the Administrator Console
You can submit malware files using the Forefront Protection 2010 for Exchange Server Administrator Console. In the Server Security Views - Dashboard pane, in the Actions section, click Submit Malware Sample, and then follow the instructions on the Submit a sample page.
Preparing files for submission
Use care when you handle files that may be classified as malware. Add suspected malware files to a password-protected compressed archive file. By doing this, you avoid infecting other computers when the files are in transit or when you submit the files. To add the files to an archive file that uses a password, follow these steps.
|If you have WinZip or a similar compression utility installed, you can use it to create the archive. However, you must use the same file name and the same password that are included in these steps.|
In Windows Explorer, open the folder that contains the suspected malware files.
Right-click a blank area in the window, point to New, and then click Compressed (zipped) Folder or WinZip File.
Type malware.zip as the name of the new archive file, and then press ENTER.
Drag and drop the suspected malware files into the archive file.
In the Add dialog box, select the Encrypt added files check box and then click Add.
In the Encrypt dialog box, in the Enter password box, type infected. The password is case-sensitive; enter it as all lowercase.
In the Re-enter password box, re-type infected, and then click OK.