Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Enterprise EDR: 3.5.x and Higher
Microsoft Windows 10 version 1703 and Later
Microsoft Windows Server 2016 version 1703 and Later
Microsoft Windows Server 2019 (all versions)

Question

What version of the (Formerly ThreatHunter) sensor supports gathering AMSI information?

Answer

AMSI support was added in the 3.5 version of the sensor

Additional Notes

The Windows 3.6 Sensor will add support for the AMSI fields scriptload_content and scriptload_content_length but only when using the 3.6 version

Related Content

Detecting Fileless Attacks with Enterprise EDR’s AMSI Visibility | VMware Carbon Black
Windows Server release information

Article Information

Author:

Creation Date:

‎09-09-2020

Views:

7958

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.