Like other antivirus programs, Microsoft Defender will upload suspicious files to Microsoft to determine whether they are malicious or not. However, some view this as a privacy risk and prefer their files to remain on their computers rather than being uploaded to a third party.
When Microsoft Defender scans your device by default, it uses the “Auto sample submission” feature to upload files to Microsoft servers when a file is suspected of being malicious.
Microsoft’s cloud-based protection will analyze the file and if found to be malicious, it will cause Microsoft Defender to quarantine the file on the device.
When submitting files, Microsoft Defender automatically uploads executables and scripts, but first warns the user to upload a file that may contain personal information such as documents.
“If Windows Defender Antivirus is turned on, it monitors the security status of your device. It automatically generates reports about suspected malware and other unwanted software to be sent to Microsoft. Sometimes the report contains files that may contain malware.”
“Files that are unlikely to contain user data are sent automatically. However, if Windows Defender Antivirus wants to send a document, spreadsheet, or other type of file that may contain your personal content, you will be asked for your permission.” Microsoft explains it on a Windows 10 privacy web page.
Windows 10 Defender Possible Privacy Risk
While I think uploading suspicious files for analysis is a useful feature, some antivirus users view this as a privacy risk and may want to disable it.
“Perhaps most importantly, privacy. These are my files on my computer, and I absolutely don’t want them to be sent without my permission, whether they are read by a human or not,” explained one Windows 10 user. feature.
Automatic file submissions are a possible cause of controversy between the US government and the Russian antivirus firm Kaspersky.
Kaspersky announced in 2015 that they detected a number of NSA surveillance and hacking tools associated with the mysterious “Equation Group”.
These tools were then reported to be loaded from an NSA contactor’s computer, which brought the tools home and stored them on the home computer running Kaspersky antivirus. When the software detected them as suspicious, the antivirus program uploaded them to Kaspersky servers located in Russia at the time.
How to disable Microsoft Defender’s automatic file uploads
We still recommend that users allow automatic sample submissions to increase the security of their computers, but if you want to disable the feature in Microsoft Defender, you can use the following steps:
- Click on the Start Menu, search for ‘Windows Security’ and open it when it appears in the search results.
- When the Windows Security screen opens, click on ‘Virus and threat protection’.
- When the virus and threat protection screen opens, click on ‘Manage Settings’ under the Virus and threat protection settings category.
4. Once the virus and threat protection settings screen opens, scroll down as shown in the image below and disable ‘Automatic sample sending’.
5. After disabling the setting, you will be shown a User Account Control (UAC) prompt where you have to click on the Yes button.
Automatic sample submissions are now disabled and can be re-enabled by reversing these steps.