On Windows 10, apps can actively defend users from malware
Posted on 10.06.2015
With Windows 10, Microsoft will be adding a new layer of protection against dynamic ******-based malware and non-traditional avenues of cyberattack: the Antimalware Scan Interface (AMSI).
The interface is there for application developers and antivirus vendors to use....
"While the malicious ****** might go through several passes of deobfuscation, it ultimately needs to supply the scripting engine with plain, unobfuscated code. When it gets to this point, the application can now call the new Windows AMSI APIs to request a scan of this unprotected content," Lee Holmes, MMPC Principal Software Engineer.
Third-party developers of antimalware products should seriously consider implementing support for AMSI, as their engine can gain insight into the data that applications (including Windows’ built-in scripting hosts) consider potentially malicious.
