Researchers have outlined the most popular tools and techniques used by threat actors to try and bypass Microsoft's Antimalware Scan Interface (AMSI).
Making its debut in 2015, AMSI is a vendor-agnostic interface designed to integrate anti-malware products on a Windows machine and better protect end users, supporting features including scan request correlation and content source URL/IP reputation checks.
AMSI's integration with Office 365 was recently upgraded to include Excel 4.0 (XLM) macro scanning to try and combat the increase of malicious macros as an infection vector.
Microsoft's security solution is a barrier that today's Windows malware developers often try to circumvent -- either by methods such as obfuscation, steganography, or by preventing a file from being scanned and detected as malicious in initial attack stages.
View Full Article
No entries found