https://github.com/subat0mik/whoamsi

An effort to track security vendors' use of Microsoft's Antimalware Scan Interface

The purpose of this page is to be a repository of endpoint protection products (AV, EDR, etc.) that use Microsoft's Antimalware Scan Interface (AMSI). This will provide some context around endpoint protection and possible attack vectors. Products with missing information have not been verified yet. This project expands on the work done by [@Lee_Holmes](https://twitter.com/Lee_Holmes) and [@PyroTek3](https://twitter.com/PyroTek3) by keeping a publicly available list up to date.

| Vendor/Product | AMSI | Date | Reference |
| -------- | -------- | -------- | -------- |
| Avast | Y | 03/20/2016 | https://forum.avast.com/index.php?topic=184491.msg1300884#msg1300884 |
| AVG | Y | 03/08/2016 | https://support.avg.com/answers?id=906b00000008oUTAAY |
| BitDefender Consumer | Y | 09/20/2016 | https://forum.bitdefender.com/index.php?/topic/72455-antimalware-scan-service/ |
| BitDefender Enterprise | Y | 05/25/2021 | https://twitter.com/Bitdefender_Ent/status/1397187195669295111?s=20 |
| Blackberry Optics (Cylance) | Y | | https://docs.blackberry.com/content/dam/docs-blackberry-com/release-pdfs/en/blackberry-optics/2-5/CylanceOPTICS-Admin-Guide.pdf |
| Carbon Black | Y | 03/18/2020 | https://www.carbonblack.com/2020/03/18/detecting-fileless-attacks-with-enterprise-edrs-amsi-visibility/ |
| Check Point Harmony Endpoint | Y | 01/03/2019 | https://community.checkpoint.com/t5/Endpoint/Endpoint-Security-E80-90-Client-released/m-p/20613#M460 |
| Cisco Secure Endpoint | | | |
| Comodo | Y | | https://help.comodo.com/uploads/helpers/Comodo_Client_Security_11.3_User_Guide.pdf |
| CrowdStrike Falcon | Y | 12/18/2018 | https://www.freepatentsonline.com/y2019/0188384.html |
| Cybereason | Y | 11/30/2021 | https://www.cybereason.com/blog/cybereason-v21.1-lts-advancing-prevention-detection-and-response |
| Cynet 360 Autonomous Breach Protection Platform | | | |
| Elastic | | | |
| ESET Enterprise Inspector | Y | 04/12/2017 | https://forum.eset.com/topic/11645-beta-eset-endpoint-security-66-is-available-for-evaluation |
| F-Secure Elements | Y | | https://help.f-secure.com/product.html?business/computer-protection-windows/latest/en/task_ED11EEBB08DD4583AFA13EA59D3FC768-latest-en |
| FireEye HX | Y | 04/26/2021 | https://www.fireeye.com/blog/products-and-services/2021/04/everybody-wins-in-mitre-attack-evaluations.html |
| Fortinet | Y | | https://docs.fortinet.com/document/forticlient/6.4.3/ems-administration-guide/447132/malware-protection |
| Kaspersky Anti Targeted Attack Platform | Y | 10/10/2018 | https://help.kaspersky.com/KIS/2019/en-US/119653.htm |
| MalwareBytes | | | |
| McAfee | Y | 06/25/2018 | https://kc.mcafee.com/corporate/index?page=content&id=PD27443 |
| Palo Alto Networks Cortex | Y | 2/9/2021 | https://www.paloaltonetworks.com/blog/security-operations/stopping-powershell-without-powershell/#:~:text=In%20addition%2C%20the%20Cortex%20XDR%20Agent%20features%20Behavioral%20Threat%20Protection%20modules%20leveraging%20the%20Anti%2DMalware%20Scan%20Interface%20(AMSI)%20to%20block%20PowerShell%20scripts. |
| Panda Adaptive Defense 360 | | | |
| SentinelOne Singularity | Y | 10/14/2020 | https://support.sentinelone.com/hc/en-us/articles/1500005256241-How-the-SentinelOne-Agent-uses-Microsoft-AMSI-for-Detection |
| Sophos Intercept X Advanced | Y | 08/25/20 | https://support.sophos.com/support/s/article/KB-000039096?language=en_US Thanks, [@kmkz](https://github.com/kmkz)! |
| Symantec Advanced Threat Protection | Y | 07/15/2020 | https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/release-notes/Whats-new-for-Symantec-Endpoint-Protection-14_3-.html Thanks, [Jeff McJunkin](https://github.com/jeffmcjunkin)! |
| Trend Micro | Y | | https://cloudone.trendmicro.com/docs/workload-security/anti-malware-scan-configure/ |
| Microsoft Defender for Endpoint | Y | 06/09/2015 | https://www.microsoft.com/security/blog/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses/ |