Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Emsisoft
What's good about Emsisoft?
Message
<blockquote data-quote="notabot" data-source="post: 841303" data-attributes="member: 75970"><p>Thank you very much for this Fabian, both for the detailed response on how AMSI works, it makes sense. While it's clear form what you said that up to the interpreter to support AMSI, </p><p></p><p>"Python's implementation is responsible to show us the code it is about to execute before it executes it"</p><p></p><p>when the interpreter shows the code to the AMSI module, the AMSI module needs to understand the code, to determine if it malicious or not (?) in that sense the module needs to be able to understand the language.</p><p> Eg if I make my own simple scripting language and somehow make the interpreter work with AMSI, the AMSI module would not be able to decide if it is malicious or not (?) because it would not be able to even parse the code.</p><p></p><p> If the above is correct (?) which scripting languages does the Emsisoft's AMSI module support ( provided that their interpreters/runtimes do make use of AMSI ).</p><p></p><p> Understood what's the issue with behavioral blocking & browsers as well, then only isolation is a viable option, it's a shame out-of the box containerisation does not currently exist on Windows, something like snap apps would had been almost ideal for generic browsing (though with WSL2, running actual snap apps should be doable).</p></blockquote><p></p>
[QUOTE="notabot, post: 841303, member: 75970"] Thank you very much for this Fabian, both for the detailed response on how AMSI works, it makes sense. While it's clear form what you said that up to the interpreter to support AMSI, "Python's implementation is responsible to show us the code it is about to execute before it executes it" when the interpreter shows the code to the AMSI module, the AMSI module needs to understand the code, to determine if it malicious or not (?) in that sense the module needs to be able to understand the language. Eg if I make my own simple scripting language and somehow make the interpreter work with AMSI, the AMSI module would not be able to decide if it is malicious or not (?) because it would not be able to even parse the code. If the above is correct (?) which scripting languages does the Emsisoft's AMSI module support ( provided that their interpreters/runtimes do make use of AMSI ). Understood what's the issue with behavioral blocking & browsers as well, then only isolation is a viable option, it's a shame out-of the box containerisation does not currently exist on Windows, something like snap apps would had been almost ideal for generic browsing (though with WSL2, running actual snap apps should be doable). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
