As per https://learn.microsoft.com/en-us/defender-endpoint/cloud-protection-microsoft-antivirus-sample-submission and my own experiments, I am very positive that cloud scans do not only base themselves on the few hashes the project sends so far. For example, the full path to the file, signing options, parent-child process relationships and other information can't be set right now if I understand correctly, but make a huge difference in the scan results (especially leading to ML-based detections on unknown file hashes).
It would be pretty cool to support that additional input information.