Submitting malware to Microsoft for analysis

Applies to: Forefront Protection for Exchange

If you suspect a file to contain malware or potentially unwanted software, you can submit it to Microsoft for analysis. You can use one of the following methods to submit malware files to Microsoft for analysis:

• Submitting files through the Microsoft Malware Protection Center Portal

• Submitting files through Microsoft Customer Support Services

Submitting files through the Microsoft Malware Protection Center Portal

The following Web site enables users to submit files that are suspected of containing malware or potentially unwanted software to Microsoft for analysis:

https://go.microsoft.com/fwlink/?LinkId=196858

You can access this portal directly from the Forefront Protection 2010 for Exchange Server Administrator Console. In the Server Security Views - Dashboard pane, in the Actions section, click Submit Malware Sample.

After you have accessed the Microsoft Malware Protection Center portal, on the Submit a sample page, follow the instructions for the portal submission process.

Preparing files for submission

If your submission is larger than 10 megabytes or you want to submit multiple files for analysis, compress the file or files into a single .zip or .rar archive (must be less than 10 megabytes in size) and password protect the file with the password "infected" (without quotation marks).

When you submit the file, make sure that you include the following data:

• Your name and email address

  Microsoft sends all responses to the email address that you use to submit the files. When you submit the archive file, Microsoft processes the file and then sends a determination of the files that it contains, based on the current Microsoft malware definitions. If it is necessary, adjust your incoming mail filters to ensure that you receive this message.

  If you want to add additional email contacts to receive updates about the status of the submission, also include these contacts and add the following note in the comments field: "Please Reply All".

• Support case number (optional)

  A support case number is not required to submit files for analysis. However, if a support case is already open for this submission, you can include the case number.

• Product that you are using

  Select Microsoft Forefront Server Security. (In the comments section, you may want to list a more specific product name, for example Microsoft Forefront Protection 2010 for Exchange Server.)

• False positives

  If the submission includes files that you believe were incorrectly determined to contain malware, select the I believe this file should not be detected as malware check box. Otherwise, the files are assumed to contain malware.

• File to submit

  Click the Choose File button to browse to the file you want to submit for analysis.

• Description of the malicious activity

  In the comments field, describe what the files did to make you suspect that it contained malware. Also include the operating system on which the suspected malware was found (for example, Windows Server 2008 R2), as well as any additional information that may be helpful in analyzing the files.

About the response message

After you submit the malware files, we send you a response to confirm the receipt of the submission. We then follow up with the results of our analysis and with responses from our partners. If you want more frequent updates through sample review, such as for high-priority submissions, it is recommended that you open a support case.

Submitting files through Microsoft Customer Support Services

Microsoft Customer Support Services can submit files on your behalf. If you have an urgent malware situation that FPE does not address, or if it is after regular business hours, it is recommended that you contact Customer Support Services for help. To do this, use the support information that was provided to you when you purchased FPE, or visit the following Microsoft Web site:

https://go.microsoft.com/fwlink/?LinkID=159889