Integration with AMSI

The Antimalware Scan Interface (AMSI) detects malicious scripts or commands executed on the system. The collected data is later shared with Qualys Cloud Agent.

1. Select an incident from the Incidents tab to verify if the AMSI script is loaded.

2. From the Timeline, click Amsi-script. The AMSI script event details are displayed.

AMSI script

3. The Script Content displays the encoded content of the script. To view the decoded content of the script, click Show decoded content. Copy and paste the path in the command prompt or PowerShell.

Decoded content AMSI Script

4. The Process tree displays the new script when it is loaded.