Antimalware Scan Interface (AMSI) protection may not be working (SharePoint Server)
APPLIES TO: 2013 2016 2019 Subscription Edition SharePoint in Microsoft 365
Rule Name: Antimalware Scan Interface (AMSI) protection may not be working.
Summary: Antimalware Scan Interface (AMSI) protection is enabled for one or more web applications in the SharePoint farm. However, SharePoint didn't receive the expected response from the antimalware scan engine when verifying that this protection is working. Web applications may not be protected on the servers listed in the Failing Servers section of this health analyzer report.
Cause: The prerequisites for running AMSI aren't met, or the real-time protection service of the antimalware scan engine isn't enabled.
Resolution: Ensure the prerequisites to activate AMSI are met
For example, AMSI only works on Windows Server 2016 or higher. For more information on other prerequisites, see Prerequisites. Alternatively, you can deactivate AMSI for SharePoint Server to turn off this health rule alarm.
Resolution: Enable the real-time protection service
If you're using Microsoft Defender as your antimalware scan engine, ensure that real-time protection is enabled on each server listed in the "Failing Servers" section of this health report.
1. Select the Start button.
2. Select Settings.
3. Select Update & Security.
4. Select Windows Security.
5. Select Virus & protection settings.
6. Select Manage settings.
7. Ensure Real-time protection is set to On.
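The same two checks (minimum OS version and Microsoft Defender real-time protection) can be run across every failing server from one PowerShell session. This is an added example, not part of the original article: the server names are placeholders for the entries in the "Failing Servers" section, and it assumes PowerShell remoting is enabled and Microsoft Defender is the scan engine.

```powershell
# Added example. Assumptions: server names are placeholders for the entries in
# the report's "Failing Servers" section; PowerShell remoting is enabled.
param(
    [string[]]$FailingServers = @('SPSERVER01', 'SPSERVER02'),
    [switch]$EnableRealTimeProtection   # without this switch the script only reports
)

$check = {
    param([bool]$Fix)
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $row = [ordered]@{
        Server             = $env:COMPUTERNAME
        OS                 = $os.Caption
        # Windows Server 2016 reports OS version 10.0.14393
        OSMeetsMinimum     = ([version]$os.Version -ge [version]'10.0.14393')
        DefenderCmdlets    = [bool](Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)
        AMServiceEnabled   = $null
        RealTimeProtection = $null
        Error              = $null
    }
    if ($row.DefenderCmdlets) {
        try {
            $mp = Get-MpComputerStatus -ErrorAction Stop
            if ($Fix -and -not $mp.RealTimeProtectionEnabled) {
                Set-MpPreference -DisableRealtimeMonitoring $false -ErrorAction Stop
                $mp = Get-MpComputerStatus -ErrorAction Stop   # re-read the effective state
            }
            $row.AMServiceEnabled   = $mp.AMServiceEnabled
            $row.RealTimeProtection = $mp.RealTimeProtectionEnabled
        } catch {
            $row.Error = $_.Exception.Message
        }
    }
    [pscustomobject]$row
}

$report = foreach ($server in $FailingServers) {
    try {
        Invoke-Command -ComputerName $server -ScriptBlock $check `
            -ArgumentList $EnableRealTimeProtection.IsPresent -ErrorAction Stop
    } catch {
        # Server unreachable or remoting refused: record it instead of stopping the audit
        [pscustomobject]@{ Server = $server; Error = $_.Exception.Message }
    }
}
$report | Format-List Server, OS, OSMeetsMinimum, DefenderCmdlets, AMServiceEnabled, RealTimeProtection, Error
```

A server that still shows RealTimeProtection as False after running with -EnableRealTimeProtection has the setting controlled elsewhere and needs to be checked locally.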