How do I stop sending antivirus samples to Microsoft?

I'd like to not be sending out information from my laptop, so in the Windows Defender Security Center I've disabled the Automatic sample submission option. However, I keep getting popups like the following asking to send information anyway. Is there some way I can disable this completely?

Thanks in advance.


Disable "Notifications".

~bhringer

2 people found this reply helpful


Daniel,

I'll play devil's advocate here and ask you the more important question of "why"?

Since the purpose of these notifications is to examine files acting in potentially malicious ways that may also contain personal information, these should only display on rare occasions on most machines. If they are popping up more often, I'd be asking the question of why, since this indicates either the potential of a local infection or risky behavior that should typically be avoided.

In my own case I'd also had the automatic upload of such files disabled previous to Windows 10, mostly in order to always be made aware when any sort of file was being requested.  However, once Defender became more aggressive in making these requests, I thought about this and realized I had no reason to be concerned about any of the executable file types this most typically requests for upload and since I would always be made aware first if any personal info might be included based on file type, still had this choice.

"When Windows Defender Antivirus is turned on, or is running because Limited Periodic Scanning is enabled, it will automatically send reports to Microsoft that contain data about suspected malware and other unwanted software, and it may also send files that could contain malware. If a report is likely to contain personal data, the report is not sent automatically, and you'll be prompted before it is sent."

Microsoft Privacy Statement – under Windows - Security and Safety Features section

In other words, the very act of disabling this feature is what typically makes it so "noisy" and in fact is unnecessary, since you'll always be prompted if the file(s) requested might contain personal data.

Even if the files requested are sent, it's still not likely your individual files will ever be reviewed by a human, since most of these operations have always been performed by automated processes, with the increase in cloud based detections automating an even greater percentage of such evaluations.

Antivirus evolved – Microsoft Secure

The choice is yours of course, but I've personally found that the act of attempting to protect myself from such automated actions is simply limiting the ability of the security application to perform its purpose and nothing else.

Rob

4 people found this reply helpful


This doesn't look like it will actually disable the process, it just means it's more difficult for me to know about. I don't want this running at all.


Thanks for the detailed response, Rob.

I appreciate that you put a lot of effort into your reply, but it doesn't actually answer any questions and is largely unhelpful. This might be better suited on a question like, "Is it worth disabling automated sending of antivirus samples?".

To answer your question, there are a few reasons.

  1. I like to keep my laptop running as lean as possible. I accept this is a fairly lightweight process, but I don't need it, so I don't want it running.
  2. As I mentioned, this is running on a laptop. Battery and data are often limited, and I don't want to be spending that on these kinds of processes.
  3. Perhaps most importantly, privacy. These are my files, on my computer, and read by a human or not, I don't want them being sent off, certainly without my permission.

As to why this is happening, I suspect it's based on the volume of new or deleted files on your computer. As a freelancing software developer I work on a lot of projects, and create a lot of builds, and this seems to be when they pop up the most. This compounds on the reasons I don't want this happening, as they're files I've created so I know they're not malicious, and my projects are often under NDA.

Now, debating the reasons I don't want this happening goes beyond the scope of this post (actually asking for them probably goes beyond this post). This post is simply about how to stop sending antivirus samples to Microsoft.

Cheers,

Daniel

2 people found this reply helpful


It would have made sense to simply state in your first post that you were a software developer, since I would respond differently in that case.

Any developer always has a different set of issues and my standard response in this case is to find a 3rd-party security product, since the Microsoft products are specifically tuned to consumer needs and often unfriendly to the processes required in developing software.

During development the monitoring components of Defender are often operating in overdrive due to the non-typical situations such as unsigned code and unidentified executables.  I don't know why any serious developer attempts to use the free Microsoft security products, since they're designed specifically to provide free protection when no 3rd-party product is installed, which most commonly occurs with consumers.

Defender will likely never be developer friendly for these reasons, so I'd stop wasting time with it and use any developer forums you may frequent to discuss which 3rd-party security products might be.  If you're operating in an isolated environment you might look into disabling Defender manually, though that's something I won't ever research or recommend here in a consumer forum for obvious reasons.  I've also seen discussions where disabling is becoming more difficult, again likely for obvious reasons for this free consumer focused product.

Rob

3 people found this reply helpful


Now, debating the reasons I don't want this happening goes beyond the scope of this post (actually asking for them probably goes beyond this post). This post is simply about how to stop sending antivirus samples to Microsoft.

You might want to have a look at this Windows IT Pro Center document:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus

And also the documentation for:

-SubmitSamplesConsent

Specifies how Windows Defender checks for user consent for certain samples. If consent has previously been granted, Windows Defender submits the samples. Otherwise, if the MAPSReporting parameter does not have a value of Disabled, Windows Defender prompts the user for consent. The acceptable values for this parameter are:

  • 0: Always prompt
  • 1: Send safe samples automatically
  • 2: Never send
  • 3: Send all samples automatically

-MAPSReporting

Specifies the type of membership in Microsoft Active Protection Service. Microsoft Active Protection Service is an online community that helps you choose how to respond to potential threats. The community also helps prevent the spread of new malicious software. The acceptable values for this parameter are:

  • 0: Disabled. Send no information to Microsoft. This is the default value.
  • 1: Basic membership. Send basic information to Microsoft about detected software, including where the software came from, the actions that you apply or that apply automatically, and whether the actions succeeded.
  • 2: Advanced membership. In addition to basic information, send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it affects your computer.

https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps

But note that if you specify a value of 3 for the -SubmitSamplesConsent parameter, it will be rejected by the PowerShell interpreter:

The bug report for the issue is here; and I see that they’ve now corrected that reference to Set-MpPreference -SubmitSamplesConsent 3 in the document cited above (without any acknowledgement, of course), but they obviously still haven’t corrected the documentation for the Set-MpPreference cmdlet:

https://aka.ms/Iu4zo8

Other issues with the Set-MpPreference documentation:

Reversed truth values for settings with a Disable prefix:

https://aka.ms/Rde0ff

Incorrect enabled setting for Scanning Network Files:

https://aka.ms/Yrvikb

GreginMich

4 people found this reply helpful
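The two settings documented in the reply above, applied and then read back from an elevated PowerShell prompt. This is an added example, not part of the original thread; `Get-SubmissionState` and `Disable-SampleSubmission` are hypothetical helper names, and the value meanings are the ones quoted in the reply.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): set the two documented preferences
# and confirm that Defender reports the new values afterwards.

# Value meanings as quoted in the reply above.
$consentNames = @{ 0 = 'Always prompt'; 1 = 'Send safe samples automatically'
                   2 = 'Never send';    3 = 'Send all samples automatically' }
$mapsNames    = @{ 0 = 'Disabled'; 1 = 'Basic membership'; 2 = 'Advanced membership' }

function Get-SubmissionState {
    # Read the values Defender currently reports for both settings.
    $pref = Get-MpPreference
    [pscustomobject]@{
        SubmitSamplesConsent = [int]$pref.SubmitSamplesConsent
        ConsentMeaning       = $consentNames[[int]$pref.SubmitSamplesConsent]
        MAPSReporting        = [int]$pref.MAPSReporting
        MAPSMeaning          = $mapsNames[[int]$pref.MAPSReporting]
    }
}

function Disable-SampleSubmission {
    $before = Get-SubmissionState

    # 2 = Never send samples; 0 = MAPS reporting disabled.
    Set-MpPreference -SubmitSamplesConsent 2 -MAPSReporting 0 -ErrorAction Stop

    # Read back instead of trusting the call: a setting that is managed
    # elsewhere (for example by a policy) can keep its old value.
    $after = Get-SubmissionState
    $notApplied = @()
    if ($after.SubmitSamplesConsent -ne 2) { $notApplied += 'SubmitSamplesConsent' }
    if ($after.MAPSReporting -ne 0)        { $notApplied += 'MAPSReporting' }

    [pscustomobject]@{ Before = $before; After = $after; NotApplied = $notApplied }
}

$result = Disable-SampleSubmission
'Before:'; $result.Before | Format-List
'After:';  $result.After  | Format-List
if ($result.NotApplied) {
    Write-Warning ("Still at old value: " + ($result.NotApplied -join ', '))
}
```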


 
 

Question Info

Last updated September 13, 2021. Views: 1,895.