Windows 10 IRM "Information Rights Management," DLP "Data Loss Prevention" software blocking infected file for malware analysis submissions. Remote Clipboard red

  • Thread starter: Jonathan Lee (jlee102)

Hello Microsoft Team,


Can you please help? I am having an issue with submitting a file for malware analysis to Microsoft Defender's website because it is being blocked by IRM "Information Rights Management". I cannot move this file into a zip file to submit it for a closer look. How can I flag this infected file for a closer look if IRM is blocking it with file permissions blocking me from submitting it into the Microsoft Defender Website for Malware analysis? If the file is blocked with IRM or DLP software? How can we flag a file for a submission into the Windows Defender Submission site if it is under DLP or IRM software management however is a suspected virus? The clipboard is data that is in motion, it is not at rest, and when a service called RDPclip.exe that is used for remote desktop clipboard services is not signed with Microsoft I wanted to submit the file, however it would not let me submit that version into the zip file.




Files I want to zip



Zipped folder creation for malware submission with all files selected.



Result of Zipped Files: These are the files that are included in the zipped file. They do not match. DLP or IRM or something is blocking a new kind of adapted protected malware using DLP or IRM software to block it from being investigated with Windows Defender, and only letting me submit the signed version of RDPclip.exe so Windows Defender analysis system cannot see the issues with the non-signed file.



File I would like to include shows not signed.


Internal Windows Defender Ticket with Microsoft: Please see Windows Defender submission ID below. Only part of the file could be included into the zipped file. So I submitted screenshots of the others because I could not add the other files into the zip file for submission.




Unsigned Remote Service running even after disabling it. Unchecked radio box now showing. Possible abuse vector of any clipboard or screenshot item. Clipboard redirection abuse with Remote Desktop Clipboard unsigned redirection software. GDPR, CCPA risks.


Microsoft Malware submission ID:


Thank you

Jonathan Lee

Adult Student
