AMSI Protection Provider is intended to support Antimalware Scan Interface from Microsoft. Antimalware Scan Interface (AMSI) allows a third-party application with AMSI support to send objects (for example, PowerShell scripts) to Kaspersky Endpoint Security for additional scan and to receive scan results for these objects. For details on AMSI refer to Microsoft documentation.
AMSI Protection Provider can only detect and notify a third-party application of threats, but cannot process threats. Third-party application after receiving a notification of a threat does not allow to perform malicious actions (for example, terminates). If the object has been added to a scan exclusion, AMSI Protection Provider does not perform a scan when it receives a request from a third-party application.
AMSI Protection Provider may decline a request from a third-party application, for example, if this application exceeds maximum number of requests within a specified interval. Kaspersky Endpoint Security sends information about a rejected request from a third-party application to the Administration Server. The AMSI Protection Provider component does not reject requests from those third-party applications for which the Do not block interaction with AMSI Protection Provider check box is selected
AMSI Protection Provider is available for the following operating systems for workstations and file servers: