What is AMSI and how does it work?
AMSI (the Antimalware Scan Interface) is an interface designed to help with malware defense. Not only PowerShell but also other scripting languages such as JavaScript and VBScript benefit from it, and it gives third-party and self-written applications a way to protect their users from dynamic malware, that is, malicious content that is only assembled at run time. It was introduced with Windows 10 and Windows Server 2016.
Currently, AMSI is supported for the following products:
- PowerShell
- Office Visual Basic for Applications macros
- VBScript
- Excel 4.0 (XLM) macros
- Windows Management Instrumentation
- Dynamically loaded .NET assemblies
- JScript
- MSHTA/JScript9
- User Account Control
- Windows Script Host (wscript.exe and cscript.exe)
- Third-party products that support AMSI
Like other Windows APIs, AMSI is exposed both through the Win32 API and through the COM API. AMSI is an open standard, so it is not limited to PowerShell: any developer can build AMSI support into their own application, and any...
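As an added example (not code from the original article): this is how a self-written application consumes the AMSI Win32 API, shown here from PowerShell via P/Invoke so it can be tried on any Windows 10 or later host. The class name `Amsi`, the function `Test-AmsiContent` and the application name passed to `AmsiInitialize` are my own choices; the exported functions and the `AMSI_RESULT` values are the documented ones from amsi.dll.

```powershell
# Added example: P/Invoke wrappers for the AMSI Win32 API (amsi.dll, Windows 10+).
$signature = @'
using System;
using System.Runtime.InteropServices;
public static class Amsi {
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiInitialize(string appName, out IntPtr context);
    [DllImport("amsi.dll")]
    public static extern void AmsiUninitialize(IntPtr context);
    [DllImport("amsi.dll")]
    public static extern int AmsiOpenSession(IntPtr context, out IntPtr session);
    [DllImport("amsi.dll")]
    public static extern void AmsiCloseSession(IntPtr context, IntPtr session);
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiScanString(IntPtr context, string content,
        string contentName, IntPtr session, out int result);
}
'@
Add-Type -TypeDefinition $signature

function Test-AmsiContent {
    # Hands a piece of dynamic content to the registered anti-malware provider
    # (e.g. Microsoft Defender) and reports the AMSI_RESULT it returns.
    param([Parameter(Mandatory)][string]$Content, [string]$ContentName = 'example.txt')
    $ctx = [IntPtr]::Zero; $session = [IntPtr]::Zero
    $hr = [Amsi]::AmsiInitialize('AmsiArticleExample', [ref]$ctx)   # app name is arbitrary
    if ($hr -ne 0) { throw ("AmsiInitialize failed: 0x{0:X8}" -f $hr) }
    try {
        # A session lets the provider correlate several scans of related content.
        $hr = [Amsi]::AmsiOpenSession($ctx, [ref]$session)
        if ($hr -ne 0) { throw ("AmsiOpenSession failed: 0x{0:X8}" -f $hr) }
        $result = 0
        $hr = [Amsi]::AmsiScanString($ctx, $Content, $ContentName, $session, [ref]$result)
        if ($hr -ne 0) { throw ("AmsiScanString failed: 0x{0:X8}" -f $hr) }
        # AMSI_RESULT: 0 = CLEAN, 1 = NOT_DETECTED, 0x4000-0x4FFF = BLOCKED_BY_ADMIN,
        # >= 0x8000 = DETECTED. An application must refuse to run content at or above 0x8000.
        [pscustomobject]@{
            ContentName = $ContentName
            Result      = $result
            IsMalware   = ($result -ge 0x8000)
        }
    } finally {
        if ($session -ne [IntPtr]::Zero) { [Amsi]::AmsiCloseSession($ctx, $session) }
        [Amsi]::AmsiUninitialize($ctx)
    }
}

# Benign constructed input: expect Result 0 or 1 and IsMalware False.
Test-AmsiContent -Content 'Write-Host "hello"'
```

To see a DETECTED result, pass the standard EICAR test string (from eicar.org) as `-Content` at the prompt rather than embedding it in a script file, because an AMSI-enabled host will flag the file that contains it before the script ever runs.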