Advice Request: AMSI in home and pro?


93803123

Does WD include AMSI in the Home and Pro editions of Windows, or is it on only for E3/E5?

AMSI is present in all of the latest versions of Windows 10. But I'm pretty sure that Microsoft keeps playing with it, trying to get it right.

Things like AMSI are a gamble. When confronted with a script-based attack, AMSI might or might not block it. It depends upon how Microsoft made it. And I can tell you that AMSI is like Windows 10. You cannot know what Microsoft is doing because they won't say. And even if you did know, you cannot trust it. AMSI implementation is quite vague. I don't think that even the Microsoft developers know. Seems to me like they experiment a lot with AMSI.

If you are worried about malicious scripts, then the only proper way to handle them is to block script file types and their underlying interpreter\sponsor processes from launching.
 

notabot

Thread author
Oct 31, 2018
AMSI is an interface, though. In theory, a different AV provider that uses the AMSI interface could have good detection rates, though I have not seen any tests specifically for fileless/scriptors, so it's not clear to me if one vendor is better than the others there.
 
93803123

The best AMSI results are from Microsoft because it doesn't share how to implement AMSI with the publishers.

AMSI is only a basic protection. It's not something to place any significant trust in. The probability is that it will fail you when you need it the most.
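
A check that answers the opening question for one particular machine, added here as an example and not part of any post in the thread: it reports the Windows edition, whether amsi.dll is present, and which antimalware providers are registered to receive AMSI scan requests, with the signer of each provider DLL. It assumes providers are registered as in-process COM servers under HKLM\SOFTWARE\Microsoft\AMSI\Providers; the function name Get-AmsiProviderReport is made up for this example.

```powershell
# Added example (not from the thread). Read-only; run in a PowerShell prompt.
function Get-AmsiProviderReport {
    # Each subkey here is the CLSID of one registered AMSI provider.
    $providersKey = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
    if (-not (Test-Path -LiteralPath $providersKey)) { return }

    foreach ($sub in Get-ChildItem -LiteralPath $providersKey) {
        $clsid     = $sub.PSChildName
        $comKey    = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll       = $null
        $dllFound  = $false
        $sigStatus = 'n/a'
        $signer    = $null

        if (Test-Path -LiteralPath $comKey) {
            # The default value of InprocServer32 is the provider DLL path (may be quoted).
            $raw = (Get-Item -LiteralPath $comKey).GetValue('')
            if ($raw) { $dll = ([string]$raw).Trim('"') }
        }
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $dllFound  = $true
            $sig       = Get-AuthenticodeSignature -LiteralPath $dll
            $sigStatus = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Clsid       = $clsid
            ProviderDll = $dll
            DllFound    = $dllFound    # false: stale or broken registration
            Signature   = $sigStatus   # anything other than Valid deserves a look
            Signer      = $signer
        }
    }
}

$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$amsiDll = Join-Path $env:SystemRoot 'System32\amsi.dll'
"Edition  : $($os.Caption) (build $($os.BuildNumber))"
"amsi.dll : $(Test-Path -LiteralPath $amsiDll)"

$report = @(Get-AmsiProviderReport)
if ($report.Count -eq 0) {
    'No AMSI providers are registered on this machine.'
} else {
    $report | Format-List
}
```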