AMSI Protection Provider is intended to support the Antimalware Scan Interface from Microsoft. The Antimalware Scan Interface (AMSI) allows a third-party application with AMSI support to send objects (for example, PowerShell scripts) to Kaspersky Endpoint Security for an additional scan and to receive scan results for these objects. For details on AMSI, refer to Microsoft documentation.
AMSI Protection Provider can only detect threats and notify a third-party application of them; it cannot process threats. After receiving a notification of a threat, the third-party application prevents malicious actions from being performed (for example, it terminates). If the object has been added to a scan exclusion, AMSI Protection Provider does not perform a scan when it receives a request from a third-party application.
AMSI Protection Provider may decline a request from a third-party application, for example, if this application exceeds the maximum number of requests within a specified interval. Kaspersky Endpoint Security sends information about a rejected request from a third-party application to the Administration Server. The AMSI Protection Provider component does not reject requests from those third-party applications for which the Do not block interaction with AMSI Protection Provider check box is selected.
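The exchange described above, seen from the third-party application's side, as an added example that is not part of the Kaspersky documentation: a PowerShell client that submits a string through the Microsoft AMSI API (`amsi.dll`) and acts on the verdict itself. The application name `ExampleAmsiClient`, the content name `sample.ps1` and the function `Test-ContentWithAmsi` are made up for illustration.

```powershell
# Added example: minimal AMSI client. 'ExampleAmsiClient' and 'sample.ps1' are made-up names.
Add-Type -Namespace Example -Name Amsi -MemberDefinition @'
[DllImport("amsi.dll", CharSet = CharSet.Unicode)]
public static extern int AmsiInitialize(string appName, out IntPtr amsiContext);
[DllImport("amsi.dll")]
public static extern int AmsiOpenSession(IntPtr amsiContext, out IntPtr amsiSession);
[DllImport("amsi.dll", CharSet = CharSet.Unicode)]
public static extern int AmsiScanString(IntPtr amsiContext, string content,
    string contentName, IntPtr amsiSession, out int result);
[DllImport("amsi.dll")]
public static extern void AmsiCloseSession(IntPtr amsiContext, IntPtr amsiSession);
[DllImport("amsi.dll")]
public static extern void AmsiUninitialize(IntPtr amsiContext);
'@

$AMSI_RESULT_DETECTED = 32768   # AmsiResultIsMalware(r) is defined as r >= this value

function Test-ContentWithAmsi {
    param(
        [Parameter(Mandatory)][string]$Content,
        [string]$ContentName = 'sample.ps1'
    )
    $ctx = [IntPtr]::Zero; $session = [IntPtr]::Zero; $result = 0
    $hr = [Example.Amsi]::AmsiInitialize('ExampleAmsiClient', [ref]$ctx)
    if ($hr -ne 0) { throw ('AmsiInitialize failed: 0x{0:X8}' -f $hr) }
    try {
        $hr = [Example.Amsi]::AmsiOpenSession($ctx, [ref]$session)
        if ($hr -ne 0) { throw ('AmsiOpenSession failed: 0x{0:X8}' -f $hr) }
        # Hand the object to whichever AMSI provider is registered on this host.
        $hr = [Example.Amsi]::AmsiScanString($ctx, $Content, $ContentName, $session, [ref]$result)
        # No verdict was returned; the caller decides whether to fail open or closed.
        if ($hr -ne 0) { throw ('AmsiScanString failed: 0x{0:X8}' -f $hr) }
        [pscustomobject]@{
            ContentName = $ContentName
            AmsiResult  = $result
            IsMalware   = ($result -ge $AMSI_RESULT_DETECTED)
        }
    } finally {
        if ($session -ne [IntPtr]::Zero) { [Example.Amsi]::AmsiCloseSession($ctx, $session) }
        [Example.Amsi]::AmsiUninitialize($ctx)
    }
}

# Constructed, benign sample input. The provider only reports; acting on the verdict is this caller's job.
$verdict = Test-ContentWithAmsi -Content "Write-Output 'hello'"
if ($verdict.IsMalware) { Write-Warning "Blocked $($verdict.ContentName)"; return }
Write-Output "AMSI result $($verdict.AmsiResult): content allowed"
```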
AMSI Protection Provider is available for the following operating systems for workstations and file servers:
AMSI Protection Provider component settings
| Parameter | Description |
|---|---|
| Scan archives | This check box enables/disables scanning of archives in RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE formats. |
| Scan distribution packages | This check box enables/disables scanning of third-party distribution packages. |
| Scan Office formats | This check box enables/disables scanning of files in office formats. |
| Do not unpack large compound files | If this check box is selected, Kaspersky Endpoint Security does not scan compound files whose size exceeds the value that is specified in the Maximum file size field. If this check box is cleared, Kaspersky Endpoint Security scans compound files of all sizes. Kaspersky Endpoint Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected. |