将恶意软件和非恶意软件提交给 Microsoft 进行分析Submit malware and non-malware to Microsoft for analysis

重要

改进的 Microsoft 365 安全中心现在可用。The improved Microsoft 365 security center is now available. 此新体验将 Defender for Endpoint、Defender for Office、365 Microsoft 365 Defender 等引入了 Microsoft 365 安全中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新增功能Learn what's new.

适用对象Applies to

备注

如果你是具有 Exchange Online 邮箱的组织的管理员,我们建议你使用安全与合规中心中的&门户。If you're an admin in an organization with Exchange Online mailboxes, we recommend that you use the Submissions portal in the Security & Compliance Center. 有关详细信息,请参阅使用管理员提交将可疑的垃圾邮件、网络钓鱼、URL 和文件提交到 Microsoft。For more information, see Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft.

在具有 Exchange Online 邮箱或独立 Exchange Online Protection (EOP) 组织中没有 Exchange Online 邮箱的 Microsoft 365 组织中,EOP 包括自动启用的反恶意软件保护。In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, EOP includes anti-malware protection that's automatically enabled. 有关详细信息,请参阅 EOP 中的反 恶意软件保护For more information, see Anti-malware protection in EOP.

多年来,你可能已听到以下最佳做法:You've probably heard the following best practices for years:

  • 避免打开看起来可疑的邮件。Avoid opening messages that look suspicious.
  • 永远不要打开来自你不了解的人的附件。Never open an attachment from someone you don't know.
  • 避免打开邮件中的附件,这些附件会促使你打开或单击附件。Avoid opening attachments in messages that urge you to open or click them.

但是,如果您收到包含可疑附件的邮件,该怎么办?But what can you do if you receive a message with a suspicious attachment? 或者,如果您怀疑计算机或设备被通过筛选器的电子邮件附件感染了,应该怎么做?Or what if you suspect that your computer or device was infected by an email attachment that made it past our filters? 在这些情况下,您应将恶意软件附件提交给 Microsoft。In these cases, you should submit the malware attachment to Microsoft. 相反,如果电子邮件中的附件被错误地标识为恶意软件,也可以提交该附件。Conversely, if an attachment in an email message was incorrectly identified as malware, you can submit that, too.

开始前,有必要了解什么?What do you need to know before you begin?

  • 附件包含脚本或其他恶意可执行文件的邮件被视为恶意软件,您可以使用本文中的过程报告它们。Messages with attachments that contain scripts or other malicious executables are considered malware, and you can use the procedures in this article to report them.

  • 包含恶意站点链接的邮件被视为垃圾邮件。Messages with links to malicious sites are considered spam. 有关报告垃圾邮件和非垃圾邮件的信息,请参阅向 Microsoft 报告邮件 和文件For more information about reporting spam and non-spam, see Report messages and files to Microsoft.

将恶意软件文件提交给 MicrosoftSubmit malware files to Microsoft

转到 Microsoft 安全智能网站 ,以 https://www.microsoft.com/wdsi/filesubmission 提交文件。Go to the Microsoft Security Intelligence website at https://www.microsoft.com/wdsi/filesubmission to submit the file. 若要接收分析更新,请登录到网站,或输入有效的电子邮件地址。To receive analysis updates, sign into the website, or enter a valid email address. 我们建议你使用 Microsoft 工作或学校帐户。We recommend that you use your Microsoft work or school account.

上传一个或多个文件后,请注意为示例提交创建的提交 ID (例如 7c6c214b-17d4-4703-860b-7f1e9da03f7f ,) 。After you've uploaded the file or files, note the Submission ID that's created for your sample submission (for example, 7c6c214b-17d4-4703-860b-7f1e9da03f7f).

Windows Defender 安全智能网站中的提交详细信息

收到示例后,我们将进行调查。After we receive the sample, we'll investigate. 如果我们确定示例文件是恶意文件,我们将采取纠正措施来防止恶意软件被检测。If we determine that the sample file is malicious, we'll take corrective action to prevent the malware from going undetected.

如果继续收到受感染的邮件或附件,则应该从电子邮件复制邮件头,并联系 Microsoft 客户服务和支持人员以寻求进一步的帮助。If you continue receiving infected messages or attachments, then you should copy the message headers from the email message, and contact Microsoft Customer Service and Support for further assistance. 请确保还准备好提交 ID。Be sure to have your Submission ID ready as well.

向 Microsoft 提交非恶意软件文件Submit non-malware files to Microsoft

还可以将你认为被错误地标识为恶意软件的文件提交到网站 (只对问题选择否,你认为此文件包含恶意软件吗 ?) 。You can also submit a file that you believe was incorrectly identified as malware to the website (just select No for the question, Do you believe this file contains malware?).

收到示例后,我们将进行调查。After we receive the sample, we'll investigate. 如果我们确定示例文件是干净的,我们将采取纠正措施以防止该文件被检测为恶意软件。If we determine that the sample file is clean, we'll take corrective action to prevent the file from being detected as malware.