Kaspersky Endpoint Security 11 for Windows

AMSI Protection

April 25, 2024

ID 176740

The AMSI Protection component supports the Antimalware Scan Interface (AMSI) from Microsoft. AMSI allows third-party applications with AMSI support to send objects (for example, PowerShell scripts) to Kaspersky Endpoint Security for an additional scan and then receive the scan results. Third-party applications may include, for example, Microsoft Office applications (see the figure below). For details on AMSI, please refer to the Microsoft documentation.

AMSI Protection can only detect a threat and notify the third-party application about the detected threat. After receiving the notification, the third-party application prevents the malicious actions from being performed (for example, it terminates).

[Figure: AMSI operation example]

The AMSI Protection component may decline a request from a third-party application, for example, if the application exceeds the maximum number of requests within a specified interval. Kaspersky Endpoint Security sends information about a rejected request from a third-party application to the Administration Server. The AMSI Protection component does not decline requests from third-party applications for which continuous integration with the AMSI Protection component is enabled.
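As an added example (not part of the Kaspersky documentation and not Kaspersky code), this is the exchange seen from the side of an AMSI-aware application: it submits a string through the Windows AMSI API in amsi.dll, reads the verdict returned by the registered provider, and refuses the content on detection. The application name DemoHostApp, the function Test-AmsiContent, the sample string, and the choice to refuse content when no verdict comes back are assumptions of the example.

```powershell
# Added example: P/Invoke declarations for the Windows AMSI API (amsi.dll).
Add-Type -Namespace Demo -Name Amsi -MemberDefinition @'
[DllImport("amsi.dll", CharSet = CharSet.Unicode)]
public static extern int AmsiInitialize(string appName, out IntPtr context);
[DllImport("amsi.dll")]
public static extern int AmsiOpenSession(IntPtr context, out IntPtr session);
[DllImport("amsi.dll", CharSet = CharSet.Unicode)]
public static extern int AmsiScanString(IntPtr context, string content,
    string contentName, IntPtr session, out int result);
[DllImport("amsi.dll")]
public static extern void AmsiCloseSession(IntPtr context, IntPtr session);
[DllImport("amsi.dll")]
public static extern void AmsiUninitialize(IntPtr context);
'@

function Test-AmsiContent {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Content,
          [string]$ContentName = 'constructed-sample.ps1')
    $ctx = [IntPtr]::Zero; $session = [IntPtr]::Zero; $result = 0
    # 'DemoHostApp' is an assumed name identifying the calling application.
    $hr = [Demo.Amsi]::AmsiInitialize('DemoHostApp', [ref]$ctx)
    if ($hr -ne 0) { throw ('AmsiInitialize failed: 0x{0:X8}' -f $hr) }
    try {
        $hr = [Demo.Amsi]::AmsiOpenSession($ctx, [ref]$session)
        if ($hr -ne 0) { throw ('AmsiOpenSession failed: 0x{0:X8}' -f $hr) }
        $hr = [Demo.Amsi]::AmsiScanString($ctx, $Content, $ContentName, $session, [ref]$result)
        if ($hr -ne 0) {
            # No verdict came back (for example, the request was not served).
            # Assumption of this example: the host refuses content it could not get scanned.
            return [pscustomobject]@{ Verdict = 'NoVerdict'; Allow = $false; HResult = ('0x{0:X8}' -f $hr) }
        }
        # AMSI_RESULT ranges from amsi.h: >= 32768 is malware (AmsiResultIsMalware),
        # 0x4000..0x4FFF is blocked by administrator policy, lower values are not detected.
        if ($result -ge 32768) { $verdict = 'Detected' }
        elseif ($result -ge 0x4000 -and $result -le 0x4FFF) { $verdict = 'BlockedByAdmin' }
        else { $verdict = 'NotDetected' }
        [pscustomobject]@{ Verdict = $verdict; Allow = ($verdict -eq 'NotDetected'); AmsiResult = $result }
    }
    finally {
        # Always release the session and context, including on the early return above.
        if ($session -ne [IntPtr]::Zero) { [Demo.Amsi]::AmsiCloseSession($ctx, $session) }
        [Demo.Amsi]::AmsiUninitialize($ctx)
    }
}

# Constructed, harmless sample input.
Test-AmsiContent -Content 'Write-Output "hello from a constructed sample"'
```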

AMSI Protection is available for the following operating systems for workstations and servers:

  • Windows 10 Home / Pro / Pro for Workstations / Education / Enterprise;
  • Windows 11 Home / Pro / Pro for Workstations / Education / Enterprise;
  • Windows Server 2016 Essentials / Standard / Datacenter;
  • Windows Server 2019 Essentials / Standard / Datacenter;
  • Windows Server 2022.

AMSI Protection settings

| Parameter | Description |
|---|---|
| Scan archives | Scans ZIP, GZIP, BZIP, RAR, TAR, ARJ, CAB, LHA, JAR, ICE, and other archives. The application scans archives not only by extension, but also by format. When checking archives, the application performs recursive unpacking. This makes it possible to detect threats inside multi-level archives (an archive within an archive). |
| Scan distribution packages | This check box enables or disables scanning of third-party distribution packages. |
| Scan files in Microsoft Office formats | Scans Microsoft Office files (DOC, DOCX, XLS, PPT and other Microsoft extensions). Office format files include OLE objects as well. |
| Do not unpack large compound files | If this check box is selected, the application does not scan compound files if their size exceeds the specified value. If this check box is cleared, the application scans compound files of all sizes. The application scans large files that are extracted from archives regardless of whether the check box is selected or not. |

See also: Managing the application via the local interface

Enabling and disabling the AMSI Protection

Using AMSI Protection to scan compound files
