The AMSI Protection component allows Microsoft Office applications and other third-party programs to send requests to scan objects for viruses and other threats using the Microsoft Windows Antimalware Scan Interface (AMSI). For more information on AMSI, refer to the Microsoft documentation.
If AMSI Protection is enabled, Kaspersky Security can scan an object upon an AMSI request and send the scan result to the application that sent the request. After receiving a threat notification, a third-party application can prevent malicious actions (for example, by shutting down).
For the AMSI Protection component to operate on a protected virtual machine, the Light Agent installed on that virtual machine must be connected to the SVM. If the connection is broken, operation of the AMSI Protection component is suspended, requests for scanning objects are not executed, and information about unscanned objects is saved to a report available in the local interface of Light Agent for Windows.
You can configure the settings for scanning objects upon AMSI requests. While scanning, Kaspersky Security can apply the configured protection and scan exclusions.
Kaspersky Security can block third-party application interaction with the AMSI Protection component and reject AMSI requests from a third-party application, for example, if the maximum number of requests per time interval from this application has been exceeded. In this case, Kaspersky Security sends information about the AMSI request rejection to the Kaspersky Security Center Administration Server. If you want Kaspersky Security not to reject requests from an application, even if the maximum number of requests has been exceeded, add this application to the list of trusted applications and configure the Do not block interaction with AMSI protection exclusion for this application.
Installation and operation of the AMSI Protection component are not supported on virtual machines with a guest OS version earlier than Windows 10 or Windows Server 2016.