Skip to Content

MC272169: Download quarantined files now available for Microsoft Defender Antivirus in active mode

This message only applies to users who have Microsoft Defender Antivirus in active mode. This new feature release (public preview), the ability to download quarantined files, expands the scope of sample submission to include files that are quarantined on your endpoints. We are excited to offer this capability as a simpler, faster, and safer way to download quarantined files.

Download quarantined files button

Affected Workloads

  • Microsoft Defender for Endpoint

Key points

  • Timing:
    • Public preview: This will rollout in late July.
    • Standard: This will rollout in late August.
  • Roll-out: tenant level
  • Control type: user control
  • Action: review and assess

How this will affect your organization

All quarantined files will be collected and stored in a secure location according to your sample submission configuration. For example; if your sample submission is off, quarantined files will not be collected; if your sample submission is set to prompt for the users, the quarantined files will require the same prompt, if samples are automatically collected so to will all quarantined files.

This new feature will benefit Security Admins and SecOps teams during threat investigations, by permitting them to download the file directly from the file’s detail page via the “Download file” button without end user involvement. While the “Download quarantine files” setting is turned on in Microsoft 365 Defender, quarantined files will be saved in Microsoft’s malware submission storage location.

What you need to do to prepare

This is rolling out default on.

  • Your organization uses Microsoft Defender Antivirus
  • Microsoft Defender Antivirus is in active mode
  • Devices are running Windows 10, version 1703 or later, or Windows server 2016 or later.
  • Devices have Microsoft Defender Antivirus enabled in active mode with cloud-delivered protection turned on.
  • Sample submission is turned on
  • Antivirus engine version is 1.1.17300.4 or later.
  • Devices have Windows 10 version 1703 or later, or Windows server 2016 or 2019

You might want to notify your users about this new capability and update your training and documentation as appropriate.

Message ID: MC272169
Published: 22 July 2021
Updated: 22 July 2021

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.