AMSI Protection Provider
AMSI Protection Provider is intended to support Antimalware Scan Interface from Microsoft. The Antimalware Scan Interface (AMSI) allows third-party applications with AMSI support to send objects (for example, PowerShell scripts) to Kaspersky Endpoint Security for an additional scan and then receive the results from scanning these objects. Third-party applications may include, for example, Microsoft Office applications (see the figure below). For details on AMSI refer to Microsoft documentation.
The AMSI Protection Provider can only detect a threat and notify a third-party application about the detected threat. Third-party application after receiving a notification of a threat does not allow to perform malicious actions (for example, terminates).
AMSI operation example
AMSI Protection Provider may decline a request from a third-party application, for example, if this application exceeds maximum number of requests within a specified interval. Kaspersky Endpoint Security sends information about a rejected request from a third-party application to the Administration Server. The AMSI Protection Provider component does not reject requests from those third-party applications for which the Do not block interaction with AMSI Protection Provider check box is selected
The AMSI Protection Provider is available for the following operating systems for workstations and file servers:
- Windows 10 Home / Pro / Education / Enterprise;
- Windows Server 2016 Essentials / Standard / Datacenter;
- Windows Server 2019 Essentials / Standard / Datacenter.
AMSI Protection Provider component settings
Parameter
Description
Scan archives
This check box enables/disables scanning of archives in RAR, ARJ, ZIP, CAB, LHA, JAR, and ICE formats.
Scan distribution packages
This check box enables/disables scanning of third-party distribution packages.
Scan Office formats
This check box enables or disables scanning of Microsoft Office files (DOC, DOCX, XLS, PPT, and others).
Office format files include OLE objects as well.
Do not unpack large compound files
If this check box is selected, Kaspersky Endpoint Security does not scan compound files if their size exceeds the specified value.
If this check box is cleared, Kaspersky Endpoint Security scans compound files of all sizes.
Kaspersky Endpoint Security scans large files that are extracted from archives, regardless of whether the Do not unpack large compound files check box is selected.