From what I know, evjl has said that Avast is weak against scripts, so SysHardener covers that.
1. Despite some AV\IS doing well in specific script tests, the fact of the matter is that they are all weak against scripts.
1.1. Users place too much emphasis upon on-disk scripts while they ignore the threat of post-exploit in-memory only code (this is the "Gotcha").
2. The current prevention methodology is to report malicious scripts to the vendors. To make that prevention work, they have to "collect it all to know it all" - and that is just ludicrous, if not insane. The current state of malicious script prevention has taken years of gathering malicious reports and identifying patterns and making signatures or behavioral algorithms.
3. Interfacing with AMSI is not a straightforward thing. It is not correct to think that vendor A who uses AMSI and vendor B who uses AMSI will perform the same against malicious scripts. A lot of discrepancies with handling malicious scripts between multiple vendors using AMSI have to do with Microsoft withholding or just not publishing every last bit of AMSI nitty-gritty. Ask @Eddie Morra.
4. The only way to decisively deal with malicious scripts on disk and especially in-memory is to disable the interpreter or sponsor - which is more or less what OSA and SysHardener do. That means disabling them in both the Admin and Standard User Accounts. It makes no sense to enable interpreters in the Admin account full-time. In the worst case scenario, it sets up a Grand Slam home-run for the malc0der.
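
As an added example (not part of the original post, and not a description of how OSA or SysHardener work internally), this PowerShell audit reports whether Windows Script Host, one of the interpreters point 4 refers to, is disabled machine-wide and for the account running the script. It assumes the standard `Enabled` value under the `Windows Script Host\Settings` registry keys; run it once in each account (Admin and Standard User), because the HKCU hive is per-user.

```powershell
# Added example: audit of Windows Script Host (wscript.exe / cscript.exe) state.
# Assumption: WSH is turned off by an "Enabled" value of 0 under
# ...\Microsoft\Windows Script Host\Settings (REG_SZ or REG_DWORD).

$locations = [ordered]@{
    'Machine'      = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    'Current user' = 'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
}
# On 64-bit Windows the 32-bit script hosts read the WOW6432Node view.
if ([Environment]::Is64BitOperatingSystem) {
    $locations['Machine (32-bit view)'] =
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Script Host\Settings'
}

function Get-WshState {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-ItemProperty -Path $Path -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value missing: nothing disables WSH at this location.
        return 'not set'
    }
    # Compare as a string so "0" (REG_SZ) and 0 (REG_DWORD) are treated alike.
    if ("$($item.Enabled)".Trim() -eq '0') { return 'disabled' }
    return "enabled (Enabled=$($item.Enabled))"
}

$report = foreach ($scope in $locations.Keys) {
    [pscustomobject]@{
        Account = $env:USERNAME
        Scope   = $scope
        State   = Get-WshState -Path $locations[$scope]
        Key     = $locations[$scope]
    }
}
$report | Format-Table -AutoSize -Wrap

# Flag any location where WSH has not been explicitly disabled.
$open = @($report | Where-Object { $_.State -ne 'disabled' })
if ($open.Count -gt 0) {
    Write-Warning ("WSH is not explicitly disabled in {0} location(s) for account '{1}'." -f
        $open.Count, $env:USERNAME)
}
```

This only covers Windows Script Host; other interpreters and sponsors (PowerShell, mshta.exe and so on) are controlled by separate settings and need their own checks.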