16 September 18, 13:49
Quote: Microsoft extends support for its Antimalware Scan Interface (AMSI) to Office 365 client applications, offering its customers protection against script-based threats at runtime.
AMSI has been around since 2015, in Windows 10 Technical Preview. It allows applications and services to communicate with a security product on the system and request at runtime a scan of a memory buffer.
The interface is generic, so it works with any antimalware solution that implements it. Because it is available only for Windows 10, and antivirus makers have to cover multiple platforms, its adoption was slow initially, but at the moment support is available in all major antivirus products.
Integrating AMSI into Office 365 client applications aims to deliver protection against malicious macros in the final stage of the attack when the scripting engine runs the code in its plain, unobfuscated form.
To cover a wide attack surface, AMSI integrates with VBScript, JavaScript, and PowerShell engines. These are typical choices for running code that downloads or leads to downloading malware embedded in Office document macros.
Source: https://www.bleepingcomputer.com/news/se...us-macros/