SharePoint on premises AMSI and Antivirus scan documents on upload

Daniel 61 Reputation points
2024-01-24T13:44:48.0833333+00:00

Hi,

I have a couple of questions regarding AMSI capabilities and how to enable the "scan document on upload" feature in central admin.

  1. What exactly does the AMSI feature on a web application actually do and not do? It handles malicious web requests is the general explanation. Can anyone shed any more light on this? Do we still need a third party AV to enable the "scan document on upload" feature in central admin?
  2. What are the compatible AV solutions that can scan documents on upload? Defender is sometimes being advertised as "Microsoft defender with AV". We have some type of defender solution. I don't know exactly which, I don't work with that implementation.
SharePoint Server Management

1 answer

  1. Emily Du-MSFT 41,941 Reputation points Microsoft Vendor
    2024-01-25T09:18:28.96+00:00

    1. When an AMSI-capable antivirus or anti-malware solution is integrated with SharePoint Server, it can examine HTTP and HTTPS requests made to the server and prevent SharePoint Server from processing dangerous requests. Any AMSI-capable antivirus or anti-malware program that is installed on the server performs the scan as soon as the server starts to process the request.

    2. By default, Microsoft Defender Antivirus (MDAV), an AMSI-capable solution, is automatically enabled and installed on endpoints and devices that are running Windows 10, Windows Server 2016, and later. If you haven't installed an antivirus/anti-malware application, SharePoint Server AMSI integration will work with MDAV. So, you do not need a third-party antivirus.

    3. I suggest you use Microsoft Defender Antivirus (MDAV). The benefits of using MDAV on SharePoint Server include:

    • MDAV fetches signatures that match malicious content. If Microsoft learns about an exploit that can be blocked, a new MDAV signature can be deployed to block the exploit from affecting SharePoint.
    • Using existing technology to add signatures for the malicious content.
    • Using the expertise of Microsoft's malware research team for adding signatures.
    • Using best practices that MDAV already applies for adding other signatures.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
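
For a server where it is unclear which Defender product is in place, the following added example (not part of the answer above, and not Microsoft's own script) lists the AMSI providers registered on the machine and reports the state of Microsoft Defender Antivirus. It assumes the standard AMSI provider registry location and uses an arbitrary three-day signature-age threshold.

```powershell
# Added example. Run in an elevated PowerShell session on each SharePoint server.
$maxSignatureAgeDays = 3   # assumed threshold, adjust to your update policy

# 1. AMSI providers registered on this machine (each subkey name is a COM CLSID).
$providerRoot = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
$providers = @()
if (Test-Path -LiteralPath $providerRoot) {
    $providers = @(Get-ChildItem -LiteralPath $providerRoot | ForEach-Object {
        $clsid  = $_.PSChildName
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $inproc) {
            # The key's default value holds the path of the provider DLL.
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        [pscustomobject]@{ Clsid = $clsid; ProviderDll = $dll }
    })
}
if ($providers.Count -eq 0) {
    Write-Warning "No AMSI provider is registered under $providerRoot."
} else {
    $providers | Format-Table -AutoSize
}

# 2. Microsoft Defender Antivirus state, if the Defender module is present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $mp | Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled,
                            AntivirusSignatureVersion, AntivirusSignatureAge | Format-List
        if ($mp.AMRunningMode -and $mp.AMRunningMode -ne 'Normal') {
            Write-Warning "Defender is in '$($mp.AMRunningMode)' mode; another product may be the primary antivirus."
        }
        if (-not $mp.RealTimeProtectionEnabled) {
            Write-Warning 'Defender real-time protection is off.'
        }
        if ($mp.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
            Write-Warning "Defender signatures are $($mp.AntivirusSignatureAge) days old."
        }
    } catch {
        Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }
} else {
    Write-Warning 'Defender cmdlets not found; Microsoft Defender Antivirus may not be installed.'
}
```

If a provider DLL other than Defender's is listed, confirm with that vendor that the product is AMSI-capable before relying on it for request scanning.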