Is AMSI enabled by default in Defender AV, or does it need to be enabled? If so, is there a control available in Intune?
@PaD-7009 Thanks for posting in our Q&A.
For this issue, AMSI is just an API and it isn't an application. We will call this API to request a scan of the content when writing scripts.
https://docs.microsoft.com/en-us/windows/win32/amsi/how-amsi-helps
I have done a lot of research; there is no control for AMSI in Intune.
Thanks for understanding.
AMSI has nothing to do with Microsoft Intune; it is an interface that developers can call and implement in their applications, and if you are a developer you may implement it. However, it has been implemented by default in Microsoft script components like Windows PowerShell, and if Microsoft Defender is on and a user enters a malicious script, it will be blocked.
Got a confirmation from a Microsoft PM too: "Windows Defender AV is automatically registered to work with AMSI".