Skip to main content
Skip to main content
Microsoft Security Intelligence

Submit a file for malware analysis

Microsoft security researchers analyze suspicious files to determine if they are threats, unwanted applications, or normal files. Submit files you think are malware or files that you believe have been incorrectly classified as malware. For more information, read the submission guidelines.

Submit file as a

Internal AV submission portal

Microsoft Defender Response Portal

This portal is for internal use by Microsoft employees to report detection concerns to Microsoft Defender Research

Submit a file internally

Submit files so our analysts can check them for malicious characteristics. Provide the specific files that need to be analyzed and as much background information as possible.


Escalate to WD Response

WD Response serves as the primary contact point to our malware analysts. Submit your files through regular channels before contacting WD Response for special requests or submission follow-ups.


Attack Surface Reduction

Report issues with undetected suspicious activities or activities that have been incorrectly detected (false positives).


Network Protection

Report issues with the detection and blocking of URLs and IP addresses.


Submit a driver file for exploit analysis

Submit drivers for our analysts to check for malicious intent and vulnerabilities. Provide the specific files that need to be analyzed and as much background information as possible.


View your submissions

Track the results of your submissions. You can view detailed detection information of all the files you have submitted as well as the determination provided by our analysts.


Search file hash

Enter a file hash Sha1, Sha256 or Md5 format to view the file details including scan results.

Submit a file for malware analysis

Specify the file and provide information that will help us to efficiently handle your case.
Required fields are marked with an asterisk (*).

Specify the email addresses of users with permission to open the submission details page; separate each address with a semicolon (;)

Was this file found in the Microsoft corporate network?
Note: The customer will receive email about this submission, including the confirmation message and the analysis result.

Provide the Software Assurance ID (SAID) tied to your Microsoft security product
Provide the admin email address associated with the Software Assurance ID (SAID)
NOTE: If you don't have an SAID, your submissions will be given regular priority. For high priority submissions, contact Premier Support.
Submission priority

Specify submission priority

Choose the file you want to submit

Maximum file size is 50 MB. Use the password "infected" to encrypt ZIP or RAR archives.

NOTE: Submit only the specific files you want analyzed. Submitting an installer package or an archive with a large number of files may delay the analysis and cause your submission to be deprioritized.

Should this file be removed from our database at a certain date?
NOTE: Files submitted by multiple users are retained until all retention periods have elapsed.

What do you believe this file is?
Learn how to see the list of detected threats on Microsoft Defender Antivirus.
Learn how to check the definition version on Microsoft Defender Antivirus.
To help our analysts process your submission faster, please provide additional information in English. Include any information you may have about the file, including where you have obtained it, business impact, and platform and other details of affected clients.

Review your submission

Company name

Was this file found in the Microsoft corporate network?

Affected organization

Customer email address

Number of affected devices


Submission priority

Software Assurance ID


Removal date

What do you believe this file is?

Detection name

Definition version

Additional information

Verify you are a human

Submission details will be retained for up to 30 days. For privacy information, read the Microsoft Privacy Statement.