Antimalware Scan Interface

Purpose

The Antimalware Scan Interface (AMSI) is a generic interface standard that allows applications and services to integrate with any antimalware product present on a machine. It provides enhanced malware protection for users and their data, applications, and workloads.

AMSI is antimalware vendor agnostic, designed to allow for the most common malware scanning and protection techniques provided by today's antimalware products that can be integrated into applications. It supports a calling structure allowing for file and memory or stream scanning, content source URL/IP reputation checks, and other techniques.

AMSI also supports the notion of a session so that antimalware vendors can correlate different scan requests. For instance, the different fragments of a malicious payload can be associated to reach a more informed decision, which would be much harder to reach just by looking at those fragments in isolation.

Developer audience

The Antimalware Scan Interface is designed for use by two groups of developers:

  • App developers who want to make requests to antimalware products from within their apps.
  • Third-party creators of antimalware products who want their products to offer the best features to apps.

In this section

Topic Description
Antimalware Scan Interface Reference
Enumerations, interfaces, and other programming elements of the AMSI API