Like other antivirus programs, Microsoft Defender will upload suspicious files to Microsoft to determine if they are malicious. However, some consider this a privacy risk and would rather keep their files on their computer than have them uploaded to a third party.
When Microsoft Defender scans your device, by default, it will use the ‘Automatic sample submission’ feature to upload files to Microsoft’s servers when a file is suspected to be malicious.
Microsoft’s cloud-based protection will analyze the file, and if it is determined to be malicious, cause Microsoft Defender to quarantine the file on the device.
When submitting files, Microsoft Defender will automatically upload executables and scripts, but it will prompt the user before uploading a file that may contain personal information, such as a document.
“If Windows Defender Antivirus is turned on, it monitors the security status of your device. It automatically prepares reports to send to Microsoft about suspected malware and other unwanted software. Sometimes, the report includes files that may contain malware.”
“Files that aren’t likely to contain user data are sent automatically. However, you’ll be prompted for permission if Windows Defender Antivirus wants to send a document, spreadsheet, or other type of file that is likely to contain your personal content,” Microsoft explains in a Windows 10 privacy webpage.
Possible privacy risk?
While I consider uploading suspected files for analysis to be a beneficial feature, some antivirus users consider this a privacy risk and may want to disable it.
“Perhaps most importantly, privacy. These are my files, on my computer, and read by a human or not, I don’t want them being sent off, certainly without my permission,” explained a Windows 10 user who wanted to disable the feature.
Automatic file submissions are also a possible cause for the fallout between the US government and Russian antivirus firm Kaspersky.
In 2015, Kaspersky disclosed that they had detected a suite of NSA surveillance and hacking tools associated with the mysterious “Equation Group.”
These tools were reportedly later uploaded from the home PC of an NSA contractor, who had brought the tools home and stored them on that PC, which was running Kaspersky antivirus. When the software detected them as suspicious, the antivirus program uploaded them to Kaspersky’s servers, which at that time were in Russia.
How to disable Microsoft Defender’s automatic file uploads
While we still suggest that users allow automatic sample submissions to increase the security of their computer, if you wish to disable the feature in Microsoft Defender, you can use the following steps:
- Click on the Start Menu, search for ‘Windows Security’, and open it when it appears in the search results.
- When the Windows Security screen opens, click on ‘Virus & threat protection’.
- When the Virus & threat protection screen opens, click on ‘Manage settings’ under the Virus & threat protection settings category.
- When the Virus & threat protection settings screen opens, scroll down and disable ‘Automatic sample submission’.
- After disabling the setting, you will be shown a User Account Control (UAC) prompt, where you should click on the Yes button.
Automatic sample submissions are now disabled and can be enabled again by reversing these steps.
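The same preference can be audited and changed from an elevated PowerShell session with the Defender cmdlets `Get-MpPreference` and `Set-MpPreference`. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes the Defender PowerShell module is present and that no management policy is enforcing the setting.

```powershell
# Added example: audit and change Defender's sample-submission consent.
# Value meanings follow the Set-MpPreference -SubmitSamplesConsent documentation.
$ConsentNames = @{
    0 = 'Always prompt'
    1 = 'Send safe samples automatically'
    2 = 'Never send'
    3 = 'Send all samples automatically'
}

# Hypothetical helper: report the current setting as a number and a label.
function Get-SampleSubmissionState {
    $value = [int](Get-MpPreference).SubmitSamplesConsent
    [pscustomobject]@{
        Value   = $value
        Meaning = if ($ConsentNames.ContainsKey($value)) { $ConsentNames[$value] } else { 'Unknown' }
    }
}

# Hypothetical helper: set "Never send" and confirm the change took effect.
function Disable-SampleSubmission {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    $before = Get-SampleSubmissionState
    Set-MpPreference -SubmitSamplesConsent 2 -ErrorAction Stop
    $after  = Get-SampleSubmissionState

    # If the value did not change, something else (for example a managed
    # policy) is controlling it, and the local change was not applied.
    if ($after.Value -ne 2) {
        Write-Warning "Setting is still '$($after.Meaning)'; it may be enforced by policy."
    }
    [pscustomobject]@{ Before = $before.Meaning; After = $after.Meaning }
}

# Read-only audit by default; uncomment the second line to apply the change.
Get-SampleSubmissionState
# Disable-SampleSubmission
```

Running `Set-MpPreference -SubmitSamplesConsent 1` afterwards returns the preference to sending safe samples automatically.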