PaD-7009 asked PaD-7009 commented

Intune + AMSI (Defender AV feature)

Is AMSI enabled by default in Defender AV or needs to be enabled? If so is there a control available in Intune?

mem-intune-general mem-intune-device-configurations

@PaD-7009 Thanks for posting in our Q&A.

For this issue, AMSI is just an API and it isn't an application. We will call this API to request a scan of the content when writing scripts.
https://docs.microsoft.com/en-us/windows/win32/amsi/how-amsi-helps

I have done a lot of research, and there is no control for AMSI in Intune.

Thanks for understanding.


1 Answer

Reza-Ameri answered PaD-7009 commented

AMSI has nothing to do with Microsoft Intune; it is an interface that developers can call and implement in their applications, and if you are a developer you may implement it. However, it is implemented by default in Microsoft script components such as Windows PowerShell, and if Microsoft Defender is on and a user enters a malicious script, it will be blocked.


Got a confirmation from a Microsoft PM too: "Windows Defender AV is automatically registered to work with AMSI".

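One way to check on an endpoint that an antimalware engine is registered with AMSI, as the thread says Defender AV is by default. This is an added example, not part of the thread; it assumes the standard provider registration key `HKLM\SOFTWARE\Microsoft\AMSI\Providers` and the Defender module's `Get-MpComputerStatus` cmdlet, and the function name is hypothetical.

```powershell
# Added example: list registered AMSI providers and the DLL each one loads,
# then show the Defender AV state. Get-AmsiProvider is a hypothetical helper name.
function Get-AmsiProvider {
    $root = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
    if (-not (Test-Path $root)) { return @() }   # no providers registered

    foreach ($key in Get-ChildItem -Path $root) {
        $clsid  = $key.PSChildName
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        $signer = $null
        $exists = $false

        if (Test-Path $inproc) {
            # The default value of InprocServer32 is the provider DLL path.
            $raw = (Get-Item -Path $inproc).GetValue('')
            if ($raw) {
                $dll    = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
                $exists = Test-Path -LiteralPath $dll
            }
        }
        if ($exists) {
            # A provider DLL that is unsigned or missing deserves a closer look.
            $sig    = Get-AuthenticodeSignature -FilePath $dll
            $signer = "$($sig.Status): $($sig.SignerCertificate.Subject)"
        }

        [pscustomobject]@{
            Clsid     = $clsid
            Dll       = $dll
            DllExists = $exists
            Signature = $signer
        }
    }
}

Get-AmsiProvider | Format-List

# Defender AV state on the same machine (cmdlet ships with the Defender module).
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled
} else {
    Write-Warning 'Defender PowerShell module not available on this host.'
}
```

An empty provider list, or an entry whose DLL is missing or not validly signed, means AMSI-aware hosts such as PowerShell have no trustworthy engine to hand content to.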