Privacy and Security Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus in Windows 11


  • Staff
Windows_Security_banner.png

Microsoft Defender Antivirus is an antivirus software that is included in Windows 11 and can help protect your device from viruses, malware, and other threats.

Cloud-delivered protection and automatic sample submission work together with Microsoft Defender Antivirus to help protect against new and emerging threats.

If a suspicious or malicious file is detected, a sample is sent to the cloud service for analysis while Microsoft Defender Antivirus blocks the file. As soon as a determination is made, which happens quickly, the file is either released or blocked by Microsoft Defender Antivirus.

In the event Microsoft Defender Antivirus cannot make a clear determination, file metadata is sent to the cloud protection service. Often within milliseconds, the cloud protection service can determine based on the metadata as to whether the file is malicious or not a threat.

After examining the metadata, if Microsoft Defender Antivirus cloud protection cannot reach a conclusive verdict, it can request a sample of the file for further inspection. This request honors the settings configuration for sample submission:
  • Send safe samples automatically(default)
    • Safe samples are samples considered to not commonly contain PII data like: .bat, .scr, .dll, .exe.
    • If file is likely to contain PII, the user will get a request to allow file sample submission.
    • This option is the default on Windows, macOS, and Linux.
  • Always Prompt
    • If configured, the user will always be prompted for consent before file submission
    • This setting isn't available in macOS cloud protection
  • Send all samples automatically
    • If configured, all samples will be sent automatically
    • If you would like sample submission to include macros embedded in Word docs, you must choose "Send all samples automatically"
    • This setting isn't available on macOS cloud protection
  • Do not send
    • Prevents "block at first sight" based on file sample analysis
    • "Do not send" is the equivalent to the "Disabled" setting in macOS policy
    • Metadata is sent for detections even when sample submission is disabled
This tutorial will show you how to enable or disable automatic sample submission for Microsoft Defender Antivirus in Windows 11.


You must be signed in as an administrator to turn on/off or enable/disable automatic sample submission for Microsoft Defender Antivirus.



Contents

  • Option One: Turn On or Off Automatic Sample Submission for Microsoft Defender Antivirus in Windows Security
  • Option Two: Turn On or Off Automatic Sample Submission for Microsoft Defender Antivirus using Command
  • Option Three: Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus in Local Group Policy Editor
  • Option Four: Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus using REG file





OPTION ONE

Turn On or Off Automatic Sample Submission for Microsoft Defender Antivirus in Windows Security


1 Open Windows Security.

2 Click/tap on Virus & threat protection. (see screenshot below)

Microsoft_Defender_automatic_sample_submission-1.png

3 Click/tap on the Manage settings link under Virus & threat protection settings. (see screenshot below)

Microsoft_Defender_automatic_sample_submission-2.png

4 Turn On (default) or Off Automatic sample submission for what you want. (see screenshots below)

Microsoft_Defender_automatic_sample_submission-3.png
Microsoft_Defender_automatic_sample_submission-4.png

5 If prompted by UAC, click/tap on Yes to approve.

6 You can now close Windows Security if you like.





OPTION TWO

Turn On or Off Automatic Sample Submission for Microsoft Defender Antivirus using Command


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Copy and paste the command below you want to use into Windows Terminal (Admin), and press Enter. (see screenshots below)

(Always prompt - Automatic sample submission - ON)
PowerShell Set-MpPreference -SubmitSamplesConsent 0

OR​

(Default - Send safe samples automatically - Automatic sample submission - ON)
PowerShell Set-MpPreference -SubmitSamplesConsent 1

OR​

(Never send - Automatic sample submission - OFF)
PowerShell Set-MpPreference -SubmitSamplesConsent 2

OR​

(Send all samples automatically - Automatic sample submission - ON)
PowerShell Set-MpPreference -SubmitSamplesConsent 3

3 You can now close Windows Terminal (Admin) if you like.

Microsoft_Defender_automatic_sample_submission_turn_on_command.png

Microsoft_Defender_automatic_sample_submission_turn_off_command.png






OPTION THREE

Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus in Local Group Policy Editor


The Local Group Policy Editor is only available in the Windows 11 Pro, Enterprise, and Education editions.

All editions can use Option Four for the same policy.


1 Open the Local Group Policy Editor (gpedit.msc).

2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)

Computer Configuration>Administrative Templates>Windows Components>Microsoft Defender Antivirus>MAPS

Microsoft_Defender_automatic_sample_submission_gpedit-1.png

3 In the right pane of MAPS in the Local Group Policy Editor, double click/tap on the Send file samples when further analysis is required policy to edit it. (see screenshot above)

4 Do step 5 (enable - Always prompt), step 6 (enable - Send safe samples automatically), step 7 (enable - Send all samples automatically), step 8 (disable - Never send), or step 9 (default) below for what you would like to do.

5 Force Automatic sample submission to "Always prompt"

This will disable and prevent using Option One and Option Two.


A) Select (dot) Enabled. (see screenshot below step 8)​

B) Select Always prompt in the Send file samples when further analysis is required drop menu under Options.​

C) Click/tap on OK, and go to step 10 below.​

6 Force Automatic sample submission to "Send safe samples automatically"

This will disable and prevent using Option One and Option Two.


A) Select (dot) Enabled. (see screenshot below step 8)​

B) Select Send safe samples automatically in the Send file samples when further analysis is required drop menu under Options.​

C) Click/tap on OK, and go to step 10 below.​

7 Force Automatic sample submission to "Send all samples automatically"

This will disable and prevent using Option One and Option Two.


A) Select (dot) Enabled. (see screenshot below step 8)​

B) Select Send all samples automatically in the Send file samples when further analysis is required drop menu under Options.​

C) Click/tap on OK, and go to step 10 below.​

8 Disable and Force Automatic sample submission to "Never send"

This will disable and prevent using Option One and Option Two.


A) Select (dot) Enabled. (see screenshot below step 8)​

B) Select Never send in the Send file samples when further analysis is required drop menu under Options.​

C) Click/tap on OK, and go to step 10 below.​

Microsoft_Defender_automatic_sample_submission_gpedit-3.png

9 Default - Automatic sample submission

This is the default setting to allow using Option One and Option Two.


A) Select (dot) Not Configured. (see screenshot below)​

B) Click/tap on OK, and go to step 10 below.​

Microsoft_Defender_automatic_sample_submission_gpedit-2.png

10 You can now close the Local Group Policy Editor if you like.





OPTION FOUR

Enable or Disable Automatic Sample Submission for Microsoft Defender Antivirus using REG file


1 Do step 2 (enable - Always prompt), step 3 (enable - Send safe samples automatically), step 4 (enable - Send all samples automatically), step 5 (disable - Never send), or step 6 (default) below for what you would like to do.


 2. Force Automatic sample submission to "Always prompt"

This will disable and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 7 below.​

Always_prompt_automatic_sample_submission.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000000


 3. Force Automatic sample submission to "Send safe samples automatically"

This will disable and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 7 below.​

Send_safe_samples_automatic_sample_submission.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000001


 4. Force Automatic sample submission to "Send all samples automatically"

This will disable and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 7 below.​

Send_all_samples_automatic_sample_submission.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000003


 5. Disable and Force Automatic sample submission to "Never send"

This will disable and prevent using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 7 below.​

Never_send_(disable)_automatic_sample_submission.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=dword:00000002


 6. Default - Automatic sample submission

This is the default setting to allow using Option One and Option Two.


A) Click/tap on the Download button below to download the file below, and go to step 7 below.​

Default_enable_automatic_sample_submission.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SubmitSamplesConsent"=-

7 Save the .reg file to your desktop.

8 Double click/tap on the downloaded .reg file to merge it.

9 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

10 You can now delete the downloaded .reg file if you like.


That's it,
Shawn Brink


 

Attachments

  • Windows_Security.png
    Windows_Security.png
    6 KB · Views: 37
  • Always_prompt_automatic_sample_submission.reg
    722 bytes · Views: 110
  • Default_enable_automatic_sample_submission.reg
    696 bytes · Views: 79
  • Never_send_(disable)_automatic_sample_submission.reg
    722 bytes · Views: 76
  • Send_all_samples_automatic_sample_submission.reg
    722 bytes · Views: 75
  • Send_safe_samples_automatic_sample_submission.reg
    722 bytes · Views: 74
Last edited:
Top Bottom