defender-endpoint/mde-demonstration-amsi.md
Lines changed: 15 additions & 7 deletions
@@ -49,8 +49,11 @@ In this demonstration article, you have two engine choices to test AMSI:
49
49
50
50
1. Save the following PowerShell script as `AMSI_PoSh_script.ps1`:
51
51
52
-
:::image type="content" source="media/mde-demonstrations-amsi/test-amsi-powershell-save-script.png" alt-text="Screenshot showing PowerShell script to save as AMSI_PoSh_script.ps1" lightbox="media/mde-demonstrations-amsi/test-amsi-powershell-save-script.png":::
53
-
52
+
```powershell
53
+
$testString = "AMSI Test Sample: " + "7e72c3ce-861b-4339-8740-0ac1484c1386"
54
+
Invoke-Expression $testString
55
+
```
56
+
54
57
2. On your device, open PowerShell as an administrator.
55
58
56
59
3. Type `Powershell -ExecutionPolicy Bypass AMSI_PoSh_script.ps1`, and then press **Enter**.
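Review bot: Step 3, left unchanged under the new code block, still passes the script as a bare name in `Powershell -ExecutionPolicy Bypass AMSI_PoSh_script.ps1`, and neither step 1 nor step 2 says where the file is saved or which directory the elevated session should be in. Now that the script itself can be copied and pasted, the command should be just as reproducible: have step 2 or 3 tell the reader to change to the folder holding the script, and give the command as `powershell -ExecutionPolicy Bypass -File .\AMSI_PoSh_script.ps1`. Without that, a "file not found" or "not recognized" error can be misread as AMSI failing to detect the sample.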
@@ -64,17 +67,22 @@ In this demonstration article, you have two engine choices to test AMSI:
64
67
65
68
1. Save the following VBScript as `AMSI_vbscript.vbs`:
66
69
67
-
:::image type="content" source="media/mde-demonstrations-amsi/test-amsi-vbscript-save-script.png" alt-text="Screenshot showing VBScript to save as AMSI_vbscript.vbs" lightbox="media/mde-demonstrations-amsi/test-amsi-vbscript-save-script.png":::
68
-
70
+
```vbscript
71
+
REM Save this sample AMSI vbscript as AMSI_vbscript.vbs
72
+
Dimresult
73
+
result=eval("AMSI Test Sample: "+"7e72c3ce-861b-4339-8740-0ac1484c1386")
74
+
WScript.Echoresult
75
+
```
76
+
69
77
2. On your Windows Device, open Command Prompt as an administrator.
70
78
71
-
2. Type `wscript AMSI_vbscript.js`, and then press **Enter**.
79
+
1. Type `wscript AMSI_vbscript.vbs`, and then press **Enter**.
72
80
73
81
The result should be as follows:
74
82
75
-
:::image type="content" source="media/mde-demonstrations-amsi/test-amsi-vbscript-results.png" alt-text="Screenshot showing the AMSI test results. It should show that antivirus software blocked the script." lightbox="media/mde-demonstrations-amsi/test-amsi-vbscript-results.png":::
83
+
:::image type="content" source="media/mde-demonstrations-amsi/test-amsi-vbscript-results.png" alt-text="Screenshot showing the AMSI test results. It should show that antivirus software blocked the script." lightbox="media/mde-demonstrations-amsi/test-amsi-vbscript-results.png":::
84
+
76
85
77
-
78
86
### Verifying the test results
79
87
80
88
In your protection history, you should be able to see the following information:
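Review bot: The corrected step is renumbered from `2.` to `1.` while the unchanged step before it stays `2. On your Windows Device, ...`, so the source list now reads 1, 2, 1; use either `1.` on every item or sequential numbers throughout the list, matching the rest of the file. The `.js` to `.vbs` fix itself is right, since it now agrees with the file name in step 1. Also confirm the committed fence contains `Dim result` and `WScript.Echo result` with the spaces: as displayed here the lines read `Dimresult` and `WScript.Echoresult`, and if that is what the file holds, a reader who copies the block may see a script error that has nothing to do with AMSI blocking the sample.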