AMSI - Anti Malware Scan Interface

Definition

What is the Anti-Malware Scan Interface (AMSI)?

The Anti-Malware Scan Interface (AMSI) is a security feature in Windows that allows applications and services to integrate with antimalware software (AKA antivirus) to detect and block malicious code.

AMSI works by sending every line of a script, while it is running in the interpreter, to the machine's antivirus to be scanned before it is executed.

This provides an extra layer of protection against fileless malware, particularly malware that uses PowerShell scripts, macros (VBA) and JavaScript.
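
The application side of that integration, as an added example that is not part of the original page: a host submits content to the installed antimalware provider through the documented amsi.dll functions before running it. The application name `ExampleHost`, the helper name `Test-ScriptWithAmsi`, the content label and the sample string are assumptions made for illustration.

```powershell
# Added example: P/Invoke declarations for the documented amsi.dll functions.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class Amsi {
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiInitialize(string appName, out IntPtr context);
    [DllImport("amsi.dll")]
    public static extern void AmsiUninitialize(IntPtr context);
    [DllImport("amsi.dll")]
    public static extern int AmsiOpenSession(IntPtr context, out IntPtr session);
    [DllImport("amsi.dll")]
    public static extern void AmsiCloseSession(IntPtr context, IntPtr session);
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiScanString(IntPtr context, string content,
        string contentName, IntPtr session, out int result);
}
'@

function Test-ScriptWithAmsi {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Content,
        [string]$ContentName = 'example-input'   # label the provider sees for this content
    )
    $ctx = [IntPtr]::Zero; $session = [IntPtr]::Zero; $result = 0
    $hr = [Amsi]::AmsiInitialize('ExampleHost', [ref]$ctx)   # assumed app name
    if ($hr -ne 0) { throw ('AmsiInitialize failed: 0x{0:X8}' -f $hr) }
    try {
        # A session lets the provider correlate several scans of one script run.
        $hr = [Amsi]::AmsiOpenSession($ctx, [ref]$session)
        if ($hr -ne 0) { throw ('AmsiOpenSession failed: 0x{0:X8}' -f $hr) }
        $hr = [Amsi]::AmsiScanString($ctx, $Content, $ContentName, $session, [ref]$result)
        if ($hr -ne 0) { throw ('AmsiScanString failed: 0x{0:X8}' -f $hr) }
        # AMSI_RESULT: 0 clean, 1 not detected, 0x4000-0x4FFF blocked by
        # administrator policy, 0x8000 and above detected as malware.
        [pscustomobject]@{
            ContentName    = $ContentName
            AmsiResult     = $result
            BlockedByAdmin = ($result -ge 0x4000 -and $result -le 0x4FFF)
            IsMalware      = ($result -ge 0x8000)
        }
    } finally {
        if ($session -ne [IntPtr]::Zero) { [Amsi]::AmsiCloseSession($ctx, $session) }
        [Amsi]::AmsiUninitialize($ctx)
    }
}

# Constructed, benign sample input; the verdict comes from the installed provider.
# A host would refuse to run the content when IsMalware or BlockedByAdmin is true.
Test-ScriptWithAmsi -Content 'Write-Output "hello"'
```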

You may also find interesting

WSC - Windows Security Center

Intrusion Detection and Prevention System

Core Concepts

Sandbox

A Sandbox is an isolated environment where code or software...

Hashing

Hashing is a cryptographic process that transforms an input ("message")...

Antivirus

The traditional Antivirus software is designed to detect, block, and...

MITRE

MITRE is a not-for-profit organization that operates federally funded research...

MITRE ATT&CK

MITRE is a not-for-profit organization that operates federally funded research...
