Windows Defender - Scan API vs AMSI

Question

Hello,

I'm using Windows Defender's legacy API to scan the output generated (fetched from various web sites) from my own application, if it's infected with malware or not.

At first i've tried to use Windows Defender with AMSI interface but that interface doesn't provide any details about the found malware. It just gives result true or false depending on if malware found or not. But i have to report the details of malware.

So i switched back to WD legacy api to scan malware. I'm writing my program's output to a file and scan it with WD legacy api which also provides me ThreatInfo struct that contains the all info about the detected malware.

But whenever i write my program's output to a file WD may sometimes scan and quarantine the file before i scan. So i decided to exclude that folder from WD which also causes API to skip scanning the explicit file that i try to scan with legacy api.

In the end i've two problems / questions:

1. Does AMSI interface provides a technique to get details of the scanned malware?
2. How can i prevent WD to scan my program's generated files before i scan and get it's details from WD api.

Btw, MSDN says this is the legacy api, is there a new API to use WD?

Answer 1

Hi Ahmet,

Unfortunately, you will have to post it again. Sorry for inconvenience.

Answer 2

Hello Andre,

Could you move the post or do i have to re-post it again?

Answer 3

Due to the scope of your issue which relates to Developing Universal Windows apps, you would be best served redirecting this question to the dedicated Software Development forum on MSDN.

https://social.msdn.microsoft.com/Forums/window...

Sorry for the inconvenience of having to suggest the re-route, but MSDN has a lot of experts there that know the ins and outs of software development issues; especially Windows APIs. So, they will be better able to diagnose and determine the problem and find a possible solution.

Thanks for your corporation.