Enterprise EDR: What Version of the Sensor Supports AMSI Capabilities?

Article ID: 291294

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

What version of the Enterprise EDR (formerly ThreatHunter) sensor supports gathering AMSI information?

Environment

  • Enterprise EDR: 3.5.x and Higher
  • Microsoft Windows 10 version 1703 and Later
  • Microsoft Windows Server 2016 version 1703 and Later
  • Microsoft Windows Server 2019 (all versions)

Resolution

AMSI support was added in version 3.5 of the sensor.

Additional Information

The Windows 3.6 sensor will add support for the AMSI fields scriptload_content and scriptload_content_length, but only when using the 3.6 version.