You have a Microsoft 365 subscription that uses Microsoft Defender XDR and contains a Windows device named Device1.
The timeline of Device1 includes three files named File1.ps1, File2.exe, and File3.dll.
You need to submit files for deep analysis in Microsoft Defender XDR.
Which files can you submit?
In Microsoft Defender XDR, files available for deep analysis primarily include portable executable (PE) files, such as .exe and .dll files. This means that only File2.exe and File3.dll can be submitted for deep analysis. Script files like .ps1 are not typically supported for this level of analysis.
Correct. Deep analysis currently supports extensive analysis of portable executable (PE) files (including .exe and .dll files). PE files typically have .exe or .dll extensions (executable programs or applications). https://learn.microsoft.com/en-us/defender-endpoint/respond-file-alerts#deep-analysis
https://learn.microsoft.com/en-us/defender-endpoint/respond-file-alerts#deep-analysis Note Only PE files are supported, including .exe and .dll files.
Answer generated by CoPilot: In Microsoft Defender XDR, the following file types can be submitted for deep analysis: • Executable files (.exe, .dll) • Document files (.doc, .docx, .xls, .xlsx, .ppt, .pptx) • PDF files (.pdf) • Script files (.js, .vbs, .ps1) • Archive files (.zip, .rar, .tar, .gz) Please note that the ability to submit a file for deep analysis does not guarantee that meaningful results will be obtained for all file types. The effectiveness of deep analysis can vary depending on the specific characteristics of each file type.