Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/subat0mik/whoamsi
An effort to track security vendors' use of Microsoft's Antimalware Scan Interface
Last synced: 6 days ago
- Host: GitHub
- URL: https://github.com/subat0mik/whoamsi
- Owner: subat0mik
- License: gpl-3.0
- Created: 2019-09-20T03:44:04.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-02-22T14:31:08.000Z (almost 3 years ago)
- Last Synced: 2024-02-12T21:19:40.291Z (10 months ago)
- Size: 29.3 KB
- Stars: 216
- Watchers: 15
- Forks: 16
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - subat0mik/whoamsi - An effort to track security vendors' use of Microsoft's Antimalware Scan Interface (Others)
README
The purpose of this page is to be a repository of endpoint protection products (AV, EDR, etc.) that use Microsoft's Antimalware Scan Interface (AMSI). This will provide some context around endpoint protection and possible attack vectors. Products with missing information have not been verified yet. This project expands on the work done by [@Lee_Holmes](https://twitter.com/Lee_Holmes) and [@PyroTek3](https://twitter.com/PyroTek3) by keeping a publicly available list up to date.
| Vendor/Product | AMSI | Date | Reference |
| -------- | -------- | -------- | -------- |
| Avast | Y | 03/20/2016 | https://forum.avast.com/index.php?topic=184491.msg1300884#msg1300884 |
| AVG | Y | 03/08/2016 | https://support.avg.com/answers?id=906b00000008oUTAAY |
| BitDefender Consumer | Y | 09/20/2016 | https://forum.bitdefender.com/index.php?/topic/72455-antimalware-scan-service/ |
| BitDefender Enterprise | Y | 05/25/2021 | https://twitter.com/Bitdefender_Ent/status/1397187195669295111?s=20 |
| Blackberry Optics (Cylance) | Y | | https://docs.blackberry.com/content/dam/docs-blackberry-com/release-pdfs/en/blackberry-optics/2-5/CylanceOPTICS-Admin-Guide.pdf |
| Carbon Black | Y | 03/18/2020 | https://www.carbonblack.com/2020/03/18/detecting-fileless-attacks-with-enterprise-edrs-amsi-visibility/ |
| Check Point Harmony Endpoint | Y | 01/03/2019 | https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-E80-90-Client-released/m-p/20613#M460 |
| Cisco Secure Endpoint | | | |
| Comodo | Y | | https://help.comodo.com/uploads/helpers/Comodo_Client_Security_11.3_User_Guide.pdf |
| CrowdStrike Falcon | Y | 12/18/2018 | https://www.freepatentsonline.com/y2019/0188384.html |
| Cybereason | Y | 11/30/2021 | https://www.cybereason.com/blog/cybereason-v21.1-lts-advancing-prevention-detection-and-response |
| Cynet 360 Autonomous Breach Protection Platform | | | |
| Elastic | | | |
| ESET Enterprise Inspector | Y | 04/12/2017 | https://forum.eset.com/topic/11645-beta-eset-endpoint-security-66-is-available-for-evaluation |
| F-Secure Elements | Y | | https://help.f-secure.com/product.html?business/computer-protection-windows/latest/en/task_ED11EEBB08DD4583AFA13EA59D3FC768-latest-en |
| FireEye HX | Y | 04/26/2021 | https://www.fireeye.com/blog/products-and-services/2021/04/everybody-wins-in-mitre-attack-evaluations.html |
| Fortinet | Y | | https://docs.fortinet.com/document/forticlient/6.4.3/ems-administration-guide/447132/malware-protection |
| Kaspersky Anti Targeted Attack Platform | Y | 10/10/2018 | https://help.kaspersky.com/KIS/2019/en-US/119653.htm |
| MalwareBytes | | | |
| McAfee | Y | 06/25/2018 | https://kc.mcafee.com/corporate/index?page=content&id=PD27443 |
| Palo Alto Networks Cortex | Y | 2/9/2021 | https://www.paloaltonetworks.com/blog/security-operations/stopping-powershell-without-powershell/#:~:text=In%20addition%2C%20the%20Cortex%20XDR%20Agent%20features%20Behavioral%20Threat%20Protection%20modules%20leveraging%20the%20Anti%2DMalware%20Scan%20Interface%20(AMSI)%20to%20block%20PowerShell%20scripts. |
| Panda Adaptive Defense 360 | | | |
| SentinelOne Singularity | Y | 10/14/2020 | https://support.sentinelone.com/hc/en-us/articles/1500005256241-How-the-SentinelOne-Agent-uses-Microsoft-AMSI-for-Detection |
| Sophos Intercept X Advanced | Y | 08/25/20 | https://support.sophos.com/support/s/article/KB-000039096?language=en_US Thanks, [@kmkz](https://github.com/kmkz)! |
| Symantec Advanced Threat Protection | Y | 07/15/2020 | https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/release-notes/Whats-new-for-Symantec-Endpoint-Protection-14_3-.html Thanks, [Jeff McJunkin](https://github.com/jeffmcjunkin)! |
| Trend Micro | Y | | https://cloudone.trendmicro.com/docs/workload-security/anti-malware-scan-configure/ |
| Microsoft Defender for Endpoint | Y | 06/09/2015 | https://www.microsoft.com/security/blog/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses/ |