

Script-based languages such as PowerShell, VBScript or JScript in Microsoft Windows are usually easy prey for hackers. These scripting languages are integrated into the operating system, have a powerful range of functions and are also used to perform legitimate tasks. As a result, PowerShell has become a popular tool for hackers, because it is very effective and was long considered hard to detect. Some antivirus solutions are now able to identify known PowerShell malware, although only scripts that are written to the hard disk are detected. Scripts that are executed directly from memory are beyond the control of antivirus solutions. Microsoft's introduction of the Antimalware Scan Interface (AMSI) is designed to change this. Microsoft describes AMSI as a generic standard interface that allows applications and services to interact with the antivirus solutions installed on the system. AMSI provides applications with the common techniques of an antivirus solution, such as scanning the hard drive and memory and analyzing content based on URL and IP address reputation checks. AMSI can also scan scripts that use tactics to conceal malicious code or layers of dynamic code. In the article Windows 10 to offer application developers new malware defenses, Microsoft software engineer Lee Holmes explains how the scripting engine then uses the AMSI API to scan the code at the point where it is passed to the engine in plaintext form.
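As an added example (not from the article and not Microsoft's code), the following PowerShell script calls the AMSI API that Lee Holmes describes, amsi.dll's AmsiInitialize and AmsiScanBuffer, from a small host of its own: it scans a benign command, a base64-encoded copy of Microsoft's documented AMSI test sample (standing in for the obfuscated form a disk scanner would see), and the decoded plaintext that a scripting engine submits to AMSI just before execution. It assumes Windows 10 or later with an AMSI provider such as Microsoft Defender installed; the host name 'AmsiDemoHost' and the content labels are made up.

```powershell
# Added example: a minimal AMSI-integrated host built on the real amsi.dll exports.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class AmsiNative {
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiInitialize(string appName, out IntPtr context);
    [DllImport("amsi.dll")]
    public static extern void AmsiUninitialize(IntPtr context);
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiScanBuffer(IntPtr context, byte[] buffer, uint length,
                                            string contentName, IntPtr session, out int result);
}
"@

function Invoke-AmsiScan {
    # Submits one buffer to the installed AMSI provider, exactly as a scripting engine
    # does with the de-obfuscated script block before running it, and reports the verdict.
    param([IntPtr]$Context, [string]$Name, [byte[]]$Bytes)
    $verdict = 0
    $hr = [AmsiNative]::AmsiScanBuffer($Context, $Bytes, [uint32]$Bytes.Length,
                                        $Name, [IntPtr]::Zero, [ref]$verdict)
    if ($hr -ne 0) { throw "AmsiScanBuffer failed: HRESULT 0x$('{0:X8}' -f $hr)" }
    # AMSI_RESULT: 0 = clean, 1 = not detected, 32768 and above = detected (AmsiResultIsMalware)
    $state = if ($verdict -ge 32768) { 'DETECTED' } elseif ($verdict -eq 0) { 'CLEAN' } else { 'NOT_DETECTED' }
    [pscustomobject]@{ Content = $Name; Result = $verdict; Verdict = $state }
}

$ctx = [IntPtr]::Zero
$hr = [AmsiNative]::AmsiInitialize('AmsiDemoHost', [ref]$ctx)   # made-up host name
if ($hr -ne 0) { throw "AmsiInitialize failed: HRESULT 0x$('{0:X8}' -f $hr)" }
try {
    # Microsoft's documented AMSI test sample string, kept base64-encoded here so the
    # literal sample is not present in this script file. The encoded form models an
    # obfuscated script as it sits on disk; the decoded form is the plaintext the
    # engine hands to AMSI at execution time, which is where AMSI gains its visibility.
    $encoded = 'QU1TSSBUZXN0IFNhbXBsZTogN2U3MmMzY2UtODYxYi00MzM5LTg3NDAtMGFjMTQ4NGMxMzg2'
    $plain   = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($encoded))

    Invoke-AmsiScan -Context $ctx -Name 'benign-command'  -Bytes ([Text.Encoding]::Unicode.GetBytes('Get-Date'))
    Invoke-AmsiScan -Context $ctx -Name 'encoded-layer'   -Bytes ([Text.Encoding]::Unicode.GetBytes($encoded))
    Invoke-AmsiScan -Context $ctx -Name 'plaintext-layer' -Bytes ([Text.Encoding]::Unicode.GetBytes($plain))
} finally {
    [AmsiNative]::AmsiUninitialize($ctx)
}
```

With Microsoft Defender as the provider, the plaintext layer reports DETECTED, which is the same verdict PowerShell itself would receive if that content were submitted for execution; compare it with the verdict for the encoded layer to see what a scan of the on-disk form alone would have to work with.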


