Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/subat0mik/whoamsi

An effort to track security vendors' use of Microsoft's Antimalware Scan Interface
https://github.com/subat0mik/whoamsi

Last synced: about 1 month ago
JSON representation

An effort to track security vendors' use of Microsoft's Antimalware Scan Interface

Host: GitHub
URL: https://github.com/subat0mik/whoamsi
Owner: subat0mik
License: gpl-3.0
Created: 2019-09-20T03:44:04.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2022-02-22T14:31:08.000Z (almost 3 years ago)
Last Synced: 2024-02-12T21:19:40.291Z (11 months ago)
Size: 29.3 KB
Stars: 216
Watchers: 15
Forks: 16
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - subat0mik/whoamsi - An effort to track security vendors' use of Microsoft's Antimalware Scan Interface (Others)

README

        The purpose of this page is to be a repository of endpoint protection (AV, EDR, etc) that uses Microsoft's Antimalware Scan Interface (AMSI). This will provide some context around endpoint protection and possible attack vectors. Products with information missing have not been verified yet. This project expands on the work done by [@Lee_Holmes](https://twitter.com/Lee_Holmes) and [@PyroTek3](https://twitter.com/PyroTek3) by keeping a publicly available list up-to-date. 

| Vendor/Product  | AMSI | Date | Reference |

| -------- | -------- | -------- | -------- |

| Avast | Y | 03/20/2016 | https://forum.avast.com/index.php?topic=184491.msg1300884#msg1300884

| AVG | Y | 03/08/2016 | https://support.avg.com/answers?id=906b00000008oUTAAY

| BitDefender Consumer | Y | 09/20/2016 | https://forum.bitdefender.com/index.php?/topic/72455-antimalware-scan-service/

| BitDefender Enterprise | Y | 05/25/2021 | https://twitter.com/Bitdefender_Ent/status/1397187195669295111?s=20

| Blackberry Optics (Cylance) | Y | | https://docs.blackberry.com/content/dam/docs-blackberry-com/release-pdfs/en/blackberry-optics/2-5/CylanceOPTICS-Admin-Guide.pdf |

| Carbon Black | Y | 03/18/2020 | https://www.carbonblack.com/2020/03/18/detecting-fileless-attacks-with-enterprise-edrs-amsi-visibility/|

| Check Point Harmony Endpoint | Y | 01/03/2019 | https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-E80-90-Client-released/m-p/20613#M460 |

| Cisco Secure Endpoint | | | |

| Comodo | Y | | https://help.comodo.com/uploads/helpers/Comodo_Client_Security_11.3_User_Guide.pdf |

| CrowdStrike Falcon | Y | 12/18/2018 | https://www.freepatentsonline.com/y2019/0188384.html |

| Cybereason | Y | 11/30/2021 | https://www.cybereason.com/blog/cybereason-v21.1-lts-advancing-prevention-detection-and-response |

| Cynet 360 Autonomous Breach Protection Platform | | | |

| Elastic | | | |

| ESET Enterprise Inspector | Y | 04/12/2017 | https://forum.eset.com/topic/11645-beta-eset-endpoint-security-66-is-available-for-evaluation

| F-Secure Elements | Y | | https://help.f-secure.com/product.html?business/computer-protection-windows/latest/en/task_ED11EEBB08DD4583AFA13EA59D3FC768-latest-en |

| FireEye HX | Y | 04/26/2021 | https://www.fireeye.com/blog/products-and-services/2021/04/everybody-wins-in-mitre-attack-evaluations.html |

| Fortinet | Y | | https://docs.fortinet.com/document/forticlient/6.4.3/ems-administration-guide/447132/malware-protection |

| Kaspersky Anti Targeted Attack Platform | Y | 10/10/2018 | https://help.kaspersky.com/KIS/2019/en-US/119653.htm |

| MalwareBytes | | |

| McAfee | Y | 06/25/2018 | https://kc.mcafee.com/corporate/index?page=content&id=PD27443

| Palo Alto Networks Cortex | Y | 2/9/2021 | https://www.paloaltonetworks.com/blog/security-operations/stopping-powershell-without-powershell/#:~:text=In%20addition%2C%20the%20Cortex%20XDR%20Agent%20features%20Behavioral%20Threat%20Protection%20modules%20leveraging%20the%20Anti%2DMalware%20Scan%20Interface%20(AMSI)%20to%20block%20PowerShell%20scripts. |

| Panda Adaptive Defense 360 | | | |

| SentinelOne Singularity | Y | 10/14/2020 | https://support.sentinelone.com/hc/en-us/articles/1500005256241-How-the-SentinelOne-Agent-uses-Microsoft-AMSI-for-Detection |

| Sophos Intercept X Advanced |   Y  | 08/25/20    | https://support.sophos.com/support/s/article/KB-000039096?language=en_US Thanks, [@kmkz](https://github.com/kmkz)!|

| Symantec Advanced Threat Protection | Y | 07/15/2020 | https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/release-notes/Whats-new-for-Symantec-Endpoint-Protection-14_3-.html Thanks, [Jeff McJunkin](https://github.com/jeffmcjunkin)!|

| Trend Micro | Y | | https://cloudone.trendmicro.com/docs/workload-security/anti-malware-scan-configure/ |

| Microsoft Defender for Endpoint | Y | 06/09/2015 | https://www.microsoft.com/security/blog/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses/