Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Enterprise EDR: What Version of the Sensor Supports AMSI Capabilities?

Enterprise EDR: What Version of the Sensor Supports AMSI Capabilities?

Environment

  • Enterprise EDR: 3.5.x and Higher
  • Microsoft Windows 10 version 1703 and Later
  • Microsoft Windows Server 2016 version 1703 and Later
  • Microsoft Windows Server 2019 (all versions)

Question

What version of the (Formerly ThreatHunter) sensor supports gathering AMSI information?

Answer

AMSI support was added in the 3.5 version of the sensor

Additional Notes

The Windows 3.6 Sensor will add support for the AMSI fields scriptload_content and scriptload_content_length but only when using the 3.6 version

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
6798
Contributors