Views:
Windows Antimalware Scan Interface (AMSI) is provided by Microsoft in Windows 10 and later. Server & Workload Protection uses AMSI to help detect malicious scripts. By default, this option is enabled in Server & Workload Protection malware scan configurations.

Procedure

  1. Go to Policies Common Objects Other Malware Scan Configurations.
  2. Identify the malware scan configuration you want to edit, right-click it and select Properties.
  3. On the General tab, under Windows Antimalware Scan Interface (AMSI) select Enable AMSI protection.
  4. If you are using the agent version 20.0.1.25770 or later, configure Detection level and Prevention level.
    Unsupported agent versions use the default level of 2 - Moderate and cannot be modified.
    Higher levels provide greater sensitivity but might generate a large number of nonessential logs and impact endpoint performance. Trend Micro recommends selecting 2 - Moderate for more relevant data with minimal impact on your endpoints.
    The Prevention level must be the same or lower than Detection level.
    The Action to take selection might affect the prevention actions taken for the selected prevention level.
  5. For Action to take, select the remediation action that you want Server & Workload Protection to take when it detects malware:
    • Terminate: Stops execution or running of the detected process.
    • Pass: Server & Workload Protection records an Anti-Malware Event without taking action on the process.
  6. Click OK.