Is there a method to programmatically designate a specific antivirus (AV) for scanning with AMSI if multiple AVs are concurrently active on the system?

PradeepKumar Yadav 0 Reputation points
2024-04-25T06:30:04.8933333+00:00

I'm seeking guidance on managing antivirus (AV) selection programmatically within the context of using the Antimalware Scan Interface (AMSI). In my scenario, multiple AV solutions might be present and active on a system. I need to implement a method to dynamically choose one specific AV for file scanning purposes when invoking AMSI. This selection process is crucial for ensuring efficient and effective malware detection and mitigation within my application. Any insights or suggestions on how to achieve this programmatically would be greatly appreciated.

Windows API - Win32

1 answer

  1. Xiaopo Yang - MSFT 11,496 Reputation points Microsoft Vendor
    2024-04-26T02:15:20.9166667+00:00

    Hello @PradeepKumar Yadav,

    According to "Third-party creators of antimalware products", you can specify the AMSI provider, for example SampleAmsiProvider, in IAntimalware::Scan.

    As a creator of antimalware products, you can choose to author and register your own in-process COM server (a DLL) to function as an AMSI provider. That AMSI provider must implement the IAntimalwareProvider interface, and it must run in-process.

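To see which providers are in play when several AV products are installed, the following added PowerShell example (not part of the original answer or of Microsoft's sample code) lists the AMSI providers registered under `HKLM\SOFTWARE\Microsoft\AMSI\Providers`, resolves each CLSID to its in-process COM server DLL, and reports that DLL's Authenticode status. The function name `Get-AmsiProviderRegistration` is hypothetical; it assumes a 64-bit PowerShell session so the 64-bit registry view is read.

```powershell
# Added example: read-only inventory of registered AMSI providers.
# Assumption: Get-AmsiProviderRegistration is a hypothetical helper name.
function Get-AmsiProviderRegistration {
    $providersKey = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
    if (-not (Test-Path -LiteralPath $providersKey)) { return }

    foreach ($sub in Get-ChildItem -LiteralPath $providersKey) {
        $clsid  = $sub.PSChildName   # each subkey is named after a provider CLSID
        $comKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        $inproc = "$comKey\InprocServer32"
        $name = $null; $dll = $null; $model = $null; $sig = $null

        if (Test-Path -LiteralPath $comKey) {
            $name = (Get-Item -LiteralPath $comKey).GetValue('')
        }
        if (Test-Path -LiteralPath $inproc) {
            $key   = Get-Item -LiteralPath $inproc
            $model = $key.GetValue('ThreadingModel')
            $raw   = $key.GetValue('')   # default value holds the DLL path
            if ($raw) { $dll = ([string]$raw).Trim('"') }
        }
        # Only check the signature when the registered DLL really exists on disk.
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $dll
        }

        [pscustomobject]@{
            Clsid           = $clsid
            Name            = $name
            DllPath         = $dll
            DllPresent      = [bool]$sig
            ThreadingModel  = $model
            SignatureStatus = if ($sig) { $sig.Status } else { 'NotChecked' }
            Signer          = if ($sig -and $sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject
                              } else { $null }
        }
    }
}

Get-AmsiProviderRegistration | Format-List
```

A registration whose `DllPresent` is `False`, or whose `SignatureStatus` is anything other than `Valid`, is worth reviewing, since every registered provider DLL is loaded in-process by AMSI-enabled applications.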