Raynor

Does EAM use AMSI to scan PowerShell scripts?

I've been digging a bit into methods for securing PowerShell, and the following question has come to my mind:

Does EAM use the new Windows 10 scanning interface called "AMSI" to scan PowerShell scripts for malicious code when they are executed?
For more info on what I'm talking about please refer to:

https://blogs.technet.microsoft.com/poshchap/2015/10/16/security-focus-defending-powershell-with-the-anti-malware-scan-interface-amsi/

Judging from the following post it seems that this might be the case, but I'm looking for a definite confirmation.

https://support.emsisoft.com/topic/29757-new-in-20187-improved-file-guard-performance/

Thanks :)


I would believe we may make use of some AMSI features; however, keep in mind that EAM needs to run on Windows 7 and Windows Server 2008 R2 as well, so there's not much point in implementing a bunch of features that only work on Windows 10. Most of what our protection does is done through APIs that work on every version of Windows we officially support; that way the level of protection doesn't change based on the Operating System's features.
