Software developers will have the opportunity to integrate their application to any antimalrware program (available on their computer) in windows 10.
Microsoft will be offering a totally new mechanism in its Windows 10, which will allow software developers to embed their apps with almost any antimalware program existing on the user’s computer. This new mechanism will be known as AMSI/ antimalware scan interface.
Windows Users Data on Display as Microsoft Drops it’s “Do Not Track” Policy
18-year-old Vulnerability Lets Attackers Steal Data From All Versions of Windows
The sole objective of this interface is to allow applications to send content to the locally installed antivirus programs in order to detect malware.
Microsoft claims that this advancement can prove to be highly beneficial especially while dealing with script content because malicious scripts usually bypass antivirus detection as they are obfuscated.
Typically, scripts get executed in the apps’ memory, which are designed to interpret them. Therefore, these don’t create files on the disk so that the antivirus programs could scan them.
Lee Holmes, Microsoft’s principal software engineer, explained it in his blog post, “While the malicious script might go through several passes of deobfuscation, it ultimately needs to supply the scripting engine with plain, unobfuscated code. When it gets to this point, the application can now call the new Windows AMSI APIs to request a scan of this unprotected content.”
Microsoft
TechNet
