Microsoft AMSI (Antimalware Scan Interface): PowerShell/VBS/JS/etc
Antimalware Scan Interface (AMSI)
https://docs.microsoft.com/en-us/windows/desktop/AMSI/antimalware-scan-interface-portal
How the Antimalware Scan Interface (AMSI) helps you defend against malware
https://docs.microsoft.com/en-us/windows/desktop/AMSI/how-amsi-helps
Developer audience, and sample code
https://docs.microsoft.com/en-us/windows/desktop/AMSI/dev-audience
Antimalware Scan Interface (AMSI) reference
https://docs.microsoft.com/en-us/windows/desktop/AMSI/antimalware-scan-interface-reference
Пример старого (2 года+) обхода (reported):
https://enigma0x3.net/2017/07/19/bypassing-amsi-via-com-server-hijacking/
И еще: https://rastamouse.me/2018/10/amsiscanbuffer-bypass/
https://docs.microsoft.com/en-us/windows/desktop/AMSI/antimalware-scan-interface-portal
How the Antimalware Scan Interface (AMSI) helps you defend against malware
https://docs.microsoft.com/en-us/windows/desktop/AMSI/how-amsi-helps
Developer audience, and sample code
https://docs.microsoft.com/en-us/windows/desktop/AMSI/dev-audience
Antimalware Scan Interface (AMSI) reference
https://docs.microsoft.com/en-us/windows/desktop/AMSI/antimalware-scan-interface-reference
Пример старого (2 года+) обхода (reported):
https://enigma0x3.net/2017/07/19/bypassing-amsi-via-com-server-hijacking/
И еще: https://rastamouse.me/2018/10/amsiscanbuffer-bypass/