Submit a file for malware analysis

Microsoft security researchers analyze suspicious files to determine if they are threats, unwanted applications, or normal files. Submit files you think are malware or files that you believe have been incorrectly classified as malware. For more information, read the submission guidelines.

You are signed in with a account, however you have chosen to submit as a . Choose a different option or sign in with a account

Submit file as a

Microsoft Defender Response Portal

This portal is for internal use by Microsoft employees to report detection concerns to Microsoft Defender Research

Submit a file internally

Submit files so our analysts can check them for malicious characteristics. Provide the specific files that need to be analyzed and as much background information as possible.

SUBMIT A FILE

Escalate to WD Response

WD Response serves as the primary contact point to our malware analysts. Submit your files through regular channels before contacting WD Response for special requests or submission follow-ups.

CONTACT WD RESPONSE

Attack Surface Reduction

Report issues with undetected suspicious activities or activities that have been incorrectly detected (false positives).

ATTACK SURFACE REDUCTION

Network Protection

Report issues with the detection and blocking of URLs and IP addresses.

NETWORK PROTECTION

Submit a driver file for exploit analysis

Submit drivers for our analysts to check for malicious intent and vulnerabilities. Provide the specific files that need to be analyzed and as much background information as possible.

SUBMIT A DRIVER

View your submissions

Track the results of your submissions. You can view detailed detection information of all the files you have submitted as well as the determination provided by our analysts.

SUBMISSION HISTORY

Search file hash

Enter a file hash Sha1, Sha256 or Md5 format to view the file details including scan results.

Enter a valid SHA 1/256 or MD5

File with the entered Hash was not found

Submit a file for malware analysis

Specify the file and provide information that will help us to efficiently handle your case.
Required fields are marked with an asterisk (*).

Specify valid email addresses, separating each with a semicolon

Give additional users access to the submission

Specify the email addresses of users with permission to open the submission details page; separate each address with a semicolon (;)

Select a Microsoft security product

Select the Microsoft security product used to scan the file *

Specify the company name

Company Name *

Was this file found in the Microsoft corporate network?

No Yes

Specify affected organization

Affected organization*

Specify a valid customer email address

Customer contact (recommended)

Note: The customer will receive email about this submission, including the confirmation message and the analysis result.

Select the number of affected devices

Specify a valid Software Assurance ID

Specify a valid admin email address for SAID

SAID validated. Make high priority submissions only when dealing with active malware or incorrect detections that require immediate attention

Invalid SAID. The specified SAID could not be validated. All submissions are given regular priority

Problems validating SAID. Could not connect to the validation service. Please try again later

Software Assurance ID

Provide the Software Assurance ID (SAID) tied to your Microsoft security product

Software Assurance ID (SAID)

Admin email address

Provide the admin email address associated with the Software Assurance ID (SAID)

NOTE: If you don't have an SAID, your submissions will be given regular priority. For high priority submissions, contact Premier Support.

Submission priority Regular — submission will be added to our queue High — submission will be given immediate attention; use only during emergencies to address active malware or incorrect detections

Specify submission priority Low — may never be processed by an analyst; use for bulk submissions or to check latest detections Medium — for analyst review within a few days High — receives immediate attention; analyst will be paged and will respond within two hours

Select the file to submit

The selected file is too large ()

The selected file is empty

Select the file *

Should this file be removed from our database at a certain date? No — remove the file automatically after a period of inactivity Yes — remove the file on:

Select a date between 30 days and 5 years from now

NOTE: Files submitted by multiple users are retained until all retention periods have elapsed.

What do you believe this file is?

Malware/malicious Incorrectly detected as malware/malicious PUA (potentially unwanted application)

Learn more about PUA

Incorrectly detected as PUA (potentially unwanted application)

Specify a detection name

Detection name *

Learn how to see the list of detected threats on Microsoft Defender Antivirus.

Definition version (recommended)

Learn how to check the definition version on Microsoft Defender Antivirus.

Specify additional information

Additional information *

0/1900

To help our analysts process your submission faster, please provide additional information in English. Include any information you may have about the file, including where you have obtained it, business impact, and platform and other details of affected clients.

Review your submission

Company name

Was this file found in the Microsoft corporate network?

Affected organization

Customer email address

Number of affected devices

Product

Submission priority

Software Assurance ID

File

Removal date

What do you believe this file is?

Detection name

Definition version

Additional information

Verify you are a human

Enter the characters you see

New Audio

Submission details will be retained for up to 30 days. For privacy information, read the Microsoft Privacy Statement.

Submit a file for malware analysis

Microsoft Defender Response Portal

Submit a file internally

Escalate to WD Response

Attack Surface Reduction

Network Protection

Submit a driver file for exploit analysis

View your submissions

Search file hash

Submit a file for malware analysis

Review your submission

Sign in to track your submissions

Initializing...