The AMSI Protection component is intended to support Antimalware Scan Interface from Microsoft. The Antimalware Scan Interface (AMSI) allows third-party applications that use AMSI to send objects to Kaspersky Endpoint Security Cloud for an additional scan, and then receive the results from scanning these objects. Third-party applications may include, for example, Microsoft Office applications. For details on AMSI, please refer to the Microsoft documentation.
The AMSI Protection component can only detect a threat and notify a third-party application about the detected threat. After receiving a notification of a threat, a third-party application can prevent malicious actions. For example, if a third-party application accepts and executes a script, the application can request a scan of the script contents. Thus, the application can safely determine whether or not the script is malicious before executing it.
The AMSI Protection component can only scan objects not larger than 8 MB. It does not scan archives and distribution packages.
To enable or disable AMSI Protection on Windows devices:
The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.
In the list, select the security profile for the devices on which you want to configure the components.
The security profile properties window displays settings available for all devices.
By default, the AMSI Protection component is enabled.
After the security profile is applied, AMSI Protection is enabled or disabled on Windows devices.
Page top