If you suspect a file to be or contain malware, you can submit it to Microsoft for analysis. Use the procedure at the end of this topic in order to prepare these files for submission.

You can use one of the following methods to submit malware files to Microsoft for analysis:

Submitting files by using e-mail

To send files to Microsoft for analysis, use the following e-mail address:


To prepare an archive file that contains the files that you want to submit, follow the steps in Preparing files for submission. Attach the archive file to the e-mail message. When you submit the file, make sure that you include the following data:

  • Your name, e-mail address, and telephone number

    Microsoft sends all responses to the e-mail address that you use to submit the files. When you submit the archive file, Microsoft processes the file and then sends a determination of the files that it contains, based on the current Microsoft malware definitions. If it is necessary, adjust your incoming mail filters to ensure that you receive this message.

    If you want to add additional e-mail contacts to receive updates about the status of the submission, include these contacts in the original e-mail. Also, add the following note in the body of the message: "Please Reply All".

  • Sample type

    If the submission includes files that you believe were incorrectly determined to be malware, add the words "False Positive" to the e-mail subject line; otherwise, the files are assumed to be malware.

  • Support case number (optional)

    A support case number is not required to submit files for analysis. However, if a support case is already open for this submission, you can include the case number on the subject line of the message.

  • List of scan engines

    The names of all scan engines that you are using.

  • Forefront Protection Suite products that you are using

    List the Forefront Protection Suite products that you are using, for example, Forefront Protection 2010 for SharePoint.

  • Platform information

    Indicate the platform on which the suspect malware was found. For example, this might be Windows Vista, Windows Server 2003, Windows 2000, or another version of Windows.

  • Description of the malicious activity

    Describe what the file did to make you suspect that it was malware.

About the response message

  • After you submit malware files by e-mail, we send you a response to confirm the receipt of the submission. We then follow up with the results of our analysis and with responses from our partners. If you want more frequent updates through sample review, such as for high-priority submissions, it is recommended that you open a support case.

Submitting files through Microsoft Customer Support Services

Microsoft Customer Support Services can submit files on your behalf. If you have an urgent malware situation that Microsoft Forefront Protection 2010 for SharePoint does not address, or if it is after regular business hours, it is recommended that you contact Customer Support Services for help. To do this, use the support information that was provided to you when you purchased Microsoft Forefront Protection 2010 for SharePoint, or visit the following Microsoft Web site:


Preparing files for submission

Use care when you handle files that may be classified as malware. Add suspected malware files to a password-protected compressed archive file. By doing this, you avoid infecting other computers when the files are in transit or when you submit the files. To add the files to an archive file that uses a password, follow these steps.

If you have WinZip or a similar compression utility installed, you can use it to create the archive. However, you must use the same file name and the same password that are included in these steps.
To prepare files for submission
  1. In Windows Explorer, open the folder that contains the suspected malware files.

  2. Right-click a blank area in the window, point to New, and then click Compressed (zipped) Folder or WinZip File.

  3. Type malware.zip as the name of the new archive file, and then press ENTER.

  4. Drag and drop the suspected malware files into the archive file.

  5. In the Add dialog box, select the Encrypt added files check box, and then click Add.

  6. In the Encrypt dialog box, in the Enter password box, type infected. The password is case-sensitive; enter it as all lower case.

  7. In the Re-enter password box, retype infected, and then click OK.