We are pleased to announce that Antimalware Scanning Interface (AMSI) has gone live in Intercept X. It will be rolled out to existing customers over the next few weeks. New customers will automatically receive AMSI protection.
What is AMSI?
AMSI is a Microsoft interface in Windows 10, Windows Server 2016, and later that allows for scanning of script files (whether obfuscated or not), as well as .NET 4.8 assemblies.
How does it help keep customers safe?
Obfuscated scripts (e.g. PowerShell) are commonly used by attackers to compromise systems. AMSI protection enables us to better detect and block these attacks.
Which products get AMSI?
AMSI is now live for Intercept X Advanced (CIXA), Intercept X Advanced with EDR (CIXAEDR), and Central Endpoint Protection (CEP). AMSI is planned to GA for Intercept X for Server in CQ2.
Has the EAP closed?
No. IPS and other enhancements including CTFGuard, Dynamic shellcode protection, and APISetGuard are still in EAP. Existing customers who immediately want AMSI protection can join the EAP.