Windows 10: How to scan for malware using McAfee through AMSI

Discussion in 'AntiVirus, Firewalls and System Security' started by ebenroux, Mar 30, 2020.

  1. ebenroux Win User

    How to scan for malware using McAfee through AMSI


    We are attempting to determine whether an uploaded file (Excel in this case, but could be anything) contains malware. The solution is developed in C#.


    To determine whether AMSI is available I am calling the following (only pertinent bits shown):


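    // Standard EICAR anti-virus test string (harmless; used to check that scanning works).
    const string EicarTestString = @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";


    // scanResult receives the AMSI_RESULT verdict for the string.
    AmsiNativeMethods.AmsiScanString(_context, EicarTestString, "EICAR", session, out scanResult);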


    When using Windows Defender the scanResult value correctly identifies the EICAR test string as malware.


    However, when using McAfee, the original issue was that the malware was detected and the test application was simply blocked and the process killed. After contacting McAfee, our security department made some changes and then the test application could run without being killed, but the scanResult is returned as 0. This would indicate that there is no malware, which is incorrect.


    We have been engaging with McAfee and sent all manner of logs. They have now suggested we engage with Microsoft which is why I am asking about this here for now.


    Any ideas?

    :)
     
    ebenroux, Mar 30, 2020
    #1
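
A fuller version of the call sequence from the post above, as an added example that is not ebenroux's code: it scans the uploaded file's raw bytes with `AmsiScanBuffer` (a generalisation of the post's `AmsiScanString` call), checks the HRESULT separately from the verdict, and scans the EICAR string first as a canary. The class name, method names and the `"UploadScanner"` application name are hypothetical; the P/Invoke declarations and AMSI_RESULT values follow `amsi.h`.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

static class AmsiUploadScanner   // hypothetical name, not from the original post
{
    const int AmsiResultDetected = 32768;    // AMSI_RESULT_DETECTED; at or above means malware
    const int BlockedByAdminStart = 0x4000;  // AMSI_RESULT_BLOCKED_BY_ADMIN_START
    const int BlockedByAdminEnd = 0x4FFF;    // AMSI_RESULT_BLOCKED_BY_ADMIN_END
    const string Eicar = @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";

    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiInitialize(string appName, out IntPtr context);
    [DllImport("amsi.dll")] static extern void AmsiUninitialize(IntPtr context);
    [DllImport("amsi.dll")] static extern int AmsiOpenSession(IntPtr context, out IntPtr session);
    [DllImport("amsi.dll")] static extern void AmsiCloseSession(IntPtr context, IntPtr session);
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiScanBuffer(IntPtr context, byte[] buffer, uint length,
        string contentName, IntPtr session, out int result);

    // True only when the call returned S_OK AND the verdict is outside the block/detect ranges.
    static bool IsAcceptable(IntPtr ctx, IntPtr session, byte[] data, string name)
    {
        int hr = AmsiScanBuffer(ctx, data, (uint)data.Length, name, session, out int result);
        if (hr != 0) return false;  // anything other than S_OK: no usable verdict, fail closed
        bool blocked = result >= BlockedByAdminStart && result <= BlockedByAdminEnd;
        return !blocked && result < AmsiResultDetected;
    }

    // Hypothetical entry point: returns true only if the upload may be accepted.
    public static bool ScanUpload(byte[] fileBytes, string fileName)
    {
        if (AmsiInitialize("UploadScanner", out IntPtr ctx) != 0) return false;
        try
        {
            if (AmsiOpenSession(ctx, out IntPtr session) != 0) return false;
            try
            {
                // Canary: a provider that does not flag EICAR cannot be trusted to report "clean".
                if (IsAcceptable(ctx, session, Encoding.ASCII.GetBytes(Eicar), "EICAR"))
                    return false;
                return IsAcceptable(ctx, session, fileBytes, fileName);
            }
            finally { AmsiCloseSession(ctx, session); }
        }
        finally { AmsiUninitialize(ctx); }
    }
}
```

The verdict is only a numeric AMSI_RESULT code, so this wrapper rejects the upload whenever the canary is not detected rather than treating a low result value as proof that the file is clean.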
  2. Ahmet#K Win User

    Windows Defender - Scan API vs AMSI

    Hello,

    I'm using Windows Defender's legacy API to scan the output generated (fetched from various web sites) from my own application, to check whether it's infected with malware or not.

    At first I tried to use Windows Defender with the AMSI interface, but that interface doesn't provide any details about the found malware. It just gives a true or false result depending on whether malware was found or not. But I have to report the details of the malware.

    So I switched back to the WD legacy API to scan for malware. I'm writing my program's output to a file and scanning it with the WD legacy API, which also provides me a ThreatInfo struct that contains all the info about the detected malware.

    But whenever I write my program's output to a file, WD may sometimes scan and quarantine the file before I scan it. So I decided to exclude that folder from WD, which also causes the API to skip scanning the explicit file that I try to scan with the legacy API.

    In the end I have two problems / questions:

    1) Does the AMSI interface provide a technique to get details of the scanned malware?

    2) How can I prevent WD from scanning my program's generated files before I scan them and get their details from the WD API?

    Btw, MSDN says this is the legacy API; is there a new API to use WD?
     
    Ahmet#K, Mar 30, 2020
    #2
  3. Jsssssssss, Mar 30, 2020
    #3
  4. Brink Win User

    How to scan for malware using McAfee through AMSI

    Office VBA + AMSI: Parting the veil on malicious macros


    Source: Office VBA + AMSI: Parting the veil on malicious macros - Microsoft Secure
     
    Brink, Mar 30, 2020
    #4