This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 28.000000000000004%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Hello,
I need more clarification on this aspect:
By default, Microsoft Defender Antivirus (MDAV), an AMSI-capable solution, is automatically enabled and installed on endpoints and devices that are running Windows 10, Windows Server 2016, and later. If you haven't installed an antivirus/anti-malware application, SharePoint Server AMSI integration will work with MDAV. So, you do not need to a third-party antivirus.
This means that MDAV will scan in real time uploaded files (on a sharepoint site) and block them if they are malicious?
Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Hi Adelina Slavu.
Below is a breakdown based on real-time scanning and blocking of Malicious files
Further to ascertain that you can go further and test AMSI integration with the Sharepoint Server. Below are the steps.
You can now test and verify the Antimalware Scan Interface (AMSI) feature by including a test string in the requests that you send to the SharePoint Server. The test string isn’t dangerous, but if AMSI integration is enabled in SharePoint Server and is using Microsoft Defender as its malware detection engine, then Microsoft Defender detects the string and blocks the request as if it was malicious.
Steps:
The test string is similar to EICAR test file but differs slightly to avoid URL encoding confusion.
You can verify the test string by using either in a query string or including in a HTTP header in your request to the SharePoint Server.
Refer to: https://microsoft.github.io/CSS-Exchange/Admin/Test-AMSI/
Note
If you are using a malware detection engine other than Microsoft Defender, then you should check with your malware detection engine vendor to determine the best way to test your integration with the AMSI feature in SharePoint Server.
If you find the answer above helpful, please Accept the answer to help anyone in the community who might have a similar question to quickly find the solution.
On the sharepoint server I enabled MDAV( real-time protection enabled), and also AMSI.
I tested uing this powershell command "Invoke-WebRequest -Uri "https://servername/sites/sitename?amsiscantest:x5opap4pzx54p7cc7$eicar-standard-antivirus-test-fileh+h*" -Method GET" And I can find into event Viwer that MDAV is detected the signature of the malware files.
But if I am uploading an EICAR file on a portal hosted on the Sharepoint server, MDAV is not detcting it. I specify that fIles are directly stored on a dedicated database serever. Should I activate MDAV also on the databse server?
Depending on whether you are using SharePoint Server 2016/2019 or earlier versions of SharePoint Server Subscription, you may need to follow some manual steps to activate the AMSI integration for each web application. https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/configure-amsi-integration#configure-amsi-via-user-interface.
Ensure that the included endpoints contain the whole request URI path