Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Environment

Enterprise EDR: 3.5.x and Higher
Microsoft Windows 10 version 1703 and Later
Microsoft Windows Server 2016 version 1703 and Later
Microsoft Windows Server 2019 (all versions)

Question

What version of the (Formerly ThreatHunter) sensor supports gathering AMSI information?

Answer

AMSI support was added in the 3.5 version of the sensor

Additional Notes

The Windows 3.6 Sensor will add support for the AMSI fields scriptload_content and scriptload_content_length but only when using the 3.6 version

Related Content

Detecting Fileless Attacks with Enterprise EDR’s AMSI Visibility | VMware Carbon Black
Windows Server release information

Article Information

Author:

Creation Date:

‎09-09-2020

Views:

5440