Hi,
It would be nice for the AV, when the heuristic engine detect suspicious file or behavior to upload the file itself, and not just the log and MD5/SHA-1/2/3 to your file analysis system.
Multiple vendor offer now this features and it it helpfull to detect and create quickly the latest version of malwares. Symantec need crually this feature.