Tip # 3: Turn on Automatic Sample Submission

Automatic Sample Submission allows Microsoft to download a copy of never-seen-before Windows executables and analyse them off-system for security purposes. This capability gives Microsoft an incredible edge in detecting new malware samples and tracking attack campaigns across the globe. By enabling this feature, you'll benefit from Microsoft's capability to detect new malware samples that have bypassed Windows Defender.

One of the most common tactics to defeat anti-virus software consists in recompiling known attack tools after applying additional layers of operational security (i.e. removing strings, editing icons, and changing command arguments).

Penetration testers and Red Teamers often re-compile tools such as Mimikatz to bypass enterprise anti-virus products that detect malware solely based on binary analysis.

By enforcing Automatic Sample Submission on your Windows endpoints in combination with using Windows Defender, Microsoft can now provide 1-day defence against this attack tactic. The modified malware sample may work for a few hours, or a day, before Windows Defender starts detecting it and alerting you of the attack.

Turn on in Windows Defender Security Center

  • Open the Windows Defender Security Center
  • Select ‘Virus & Threat Protection’ then select ‘Virus & Threat Protection Settings’
  • Turn on Automatic Sample Submission

Enable It With PowerShell
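The page's PowerShell section carries no commands, so the following is an added example (not the original tip's own script). It uses the Defender module's Set-MpPreference and Get-MpPreference cmdlets, which exist on Windows 10/Server 2016 and later. The numeric values follow the documented meaning of the SubmitSamplesConsent and MAPSReporting parameters; sample submission relies on cloud-delivered protection (MAPS), so both are set. The helper function name Test-SampleSubmissionEnabled is my own and is useful when checking many hosts with Invoke-Command. Run it in an elevated session.

```powershell
# Added example: enable cloud-delivered protection and automatic sample
# submission in Windows Defender, then verify the effective preference.
# Requires an elevated PowerShell session with the Defender module present.
#
# SubmitSamplesConsent values (documented for Set-MpPreference):
#   0 = Always prompt            1 = Send safe samples automatically
#   2 = Never send               3 = Send all samples automatically
# MAPSReporting values:
#   0 = Disabled  1 = Basic  2 = Advanced
# The Security Center "Automatic sample submission" toggle corresponds to
# SubmitSamplesConsent = 1 (send safe samples). Sample submission requires
# MAPS (cloud protection) to be enabled, so both are configured together.

function Test-SampleSubmissionEnabled {
    # Returns $true when cloud protection is on and samples are submitted
    # automatically (1 = safe samples, 3 = all samples). Hypothetical helper
    # name; wrap it in Invoke-Command to audit a fleet of endpoints.
    $pref = Get-MpPreference
    return ($pref.MAPSReporting -ge 1) -and
           ($pref.SubmitSamplesConsent -in 1, 3)
}

# Record the state before changing anything (handy for change tickets)
Get-MpPreference | Select-Object MAPSReporting, SubmitSamplesConsent

# Advanced MAPS membership = cloud-delivered protection on
Set-MpPreference -MAPSReporting 2

# Send safe samples automatically, matching the Security Center toggle
Set-MpPreference -SubmitSamplesConsent 1

# Verify the change actually took effect (GPO/MDM policy can override it)
if (Test-SampleSubmissionEnabled) {
    Write-Output 'Automatic sample submission is enabled.'
} else {
    $pref = Get-MpPreference
    Write-Warning ("Unexpected state: MAPSReporting={0} SubmitSamplesConsent={1} " +
                   "(check Group Policy or MDM settings that may take precedence)") `
                  -f $pref.MAPSReporting, $pref.SubmitSamplesConsent
}
```

If an endpoint is managed by Group Policy or MDM, the policy value wins over Set-MpPreference, so the verification step, not the Set call, is what tells you the feature is really on.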

