Windows 10: IRM issues with malware analysis submissions.

Jonathan Lee jlee102 · Apr 14, 2021

Hello Microsoft Team,

I am having a issue with submitting a file for malware analysis to Microsoft Defender because it is being blocked by IRM "Information Rights Management" I can not move this file into a zip file or submit it for a closer look. How can I flag this infected file for a closer look if IRM is blocking it with file permissions from me submitting it to Microsoft Defender?

Thank you.

Internal please see Windows Defender submission ID below. Only part of the file could be included into the zipped file.

07160624-882d-43df-835f-56e3b6064f0d

:)

Brink · Apr 14, 2021

OneDrive sync now supports IRM protected SharePoint document libraries

Information Rights Management (IRM) lets people set access permissions to help prevent sensitive information from being printed, forwarded, or copied by unauthorized people. When permission for a file is restricted by using IRM, the access and usage restrictions are enforced even if the file reaches unintended recipients. This is because the access permissions are stored in the document, workbook, presentation, or e-mail message itself, and these must be authenticated against the IRM server.

In SharePoint, IRM lets you protect your files when downloaded and control who can access downloaded files. Downloaded files are encrypted and can only be opened by users that meet the requirements of the IRM policy set on the SharePoint library.

We are currently rolling out an update to the OneDrive sync client that supports syncing IRM protected SharePoint libraries and will hit all users by the end of January. If you want to try this out now, you can find a direct installer link below.

Follow these steps to allow your users to sync IRM libraries:

Deploy and install the RMS (Rights Management Service) client to your users’ machines.

Make sure the OneDrive sync client is up to date. The minimum version required for IRM sync is 17.3.7294.0108 and you can download it here. To check your version: Right click on OneDrive in the taskbar > Settings > About.

Have your users navigate to any IRM protected SharePoint document library and click ‘Sync’.

If you haven’t activated IRM in your SharePoint environment, click here to learn more about how to configure this.

For more information, check out the detailed documentation on how to setup OneDrive to sync IRM libraries.

If you have feedback, please share it with us by right-clicking the blue OneDrive icon in the taskbar and choose "Report a problem" and as always, we want to hear from you, please visit our OneDrive UserVoice page to suggest new features or upvote feature requests.
Click to expand...

Source: OneDrive sync on Windows now supports IRM protected SharePoint document libraries - Microsoft Tech Community

DianneHung · Apr 14, 2021

Submit a file exceed 50MB for Malware Analysis

We have a data extraction software (Web Scraping Tool & Free Web Crawlers | Octoparse) and for the last few week when our users download the software, they got "“Trojan” warnings from Windows Defender Anti-Virus
Software.

So we would like to submit our software to Microsoft for Malware Analysis. But since our file exceeds the required size(50MB), we cannot submit the file on Sample Submission Portal. (https://www.microsoft.com/en-us/wdsi/filesubmission)

We reached out to the support and he suggested we can upload the file to ONEDRIVE and mention the download link here.Here is the download ONEDRIVE link of the file that needs to be analyzed: https://1drv.ms/u/s!Amq8iw_ioYjihCxisvSfaD_kyQ2A

There is NO malicious malware hidden in the files of our program, and the detection is a simple consequence of our protective mechanism being unidentified by Windows Anti-Virus software. In order to protect our intellectual property it employs a strict self-protective
mechanism to prevent our coding from being infringed, decompiled or reversed. As Malware, viruses, and Trojans often disguise themselves with similar protection mechanism, anti-virus software often fail to distinguish the protection mechanism of a clean program
and the disguise of a malware; this is exactly what is generating the false positive anti-virus detection of our software.

Please do review the file and reply with the analysis result. Thank you!

Cliff S · Apr 14, 2021

Super Secretive Malware Wipes Hard Drive to Prevent Analysis

Researchers have uncovered new malware that takes extraordinary measures to evade detection and analysis, including deleting all hard drive data and rendering a computer inoperable.

Rombertik, as the malware has been dubbed by researchers from Cisco Systems' Talos Group, is a complex piece of software that indiscriminately collects everything a user does on the Web, presumably to obtain login credentials and other sensitive data. It gets installed when people click on attachments included in malicious e-mails. Talos researchers reverse engineered the software and found that behind the scenes Rombertik takes a variety of steps to evade analysis. It contains multiple levels of obfuscation and anti-analysis functions that make it hard for outsiders to peer into its inner workings. And in cases that main yfoye.exe component detects the malware is under the microscope of a security researcher or rival malware writer, Rombertik will self-destruct, taking along with it the contents of a victim's hard drive.
Click to expand...

Read more.
Source: Ars Technica.

Windows 10: IRM issues with malware analysis submissions.

IRM issues with malware analysis submissions.

IRM issues with malware analysis submissions.

IRM issues with malware analysis submissions.

IRM issues with malware analysis submissions. - Similar Threads - IRM issues malware

Submit a file for malware analysis - submission pending for 10+ days

Submit a file for malware analysis - submission pending for 10+ days

How to submit multiple files for malware analysis 100+

Malware analysis

Error after File submission for False positive analysis

File submit failed for malware analysis

Creating Azure VM for Malware Analysis Lab

Submission for malware analysis

Malware submission