Antimalware Scan Interface (AMSI) is a Microsoft Windows component that allows the deeper inspection of built-in scripting services.
Advanced malware uses scripts that are disguised or encrypted to avoid traditional methods of scanning. Such malware is often loaded directly into memory, so it does not use any files on the device.
AMSI is an interface that applications and services that are running on Windows can use to send scanning requests to the antimalware product installed on the computer. This provides additional protection against harmful software that uses scripts or macros on core Windows components, such as PowerShell and Office365, or other applications to evade detection.
To turn on AMSI integration in the product:
-
- Open the product from the Windows Start menu.
- On the Antivirus page, select Settings.
- Select Viruses and Threats.
- Select Edit settings.
-
- Turn on Antimalware Scan Interface (AMSI).
The product now notifies you of any harmful content that AMSI detects, and logs those detections in the event history.