AMSI Reporting, What Are We Supposed To Do When it Reports an Issue(s)


Posted

Under reporting I keep getting notifications about,

"Yesterday, 1/27/2023 7:07:30 PM;Malicious object detected;Runtime Broker;ChromeCrashHandler.exe;C:\Program Files (x86)\Google\CrashReports\ChromeCrashHandler.exe;C:\Program Files (x86)\Google\CrashReports;30728;DESKTOP-MA6ODKI\Bucy;Initiator;Detected;Detected;HEUR:Backdoor.MSIL.ARAT.gen;Trojan;High;Heuristic Analysis;uid:/amsi_stream_49;amsi_stream_49;uid://;File;Expert analysis"

and

"Yesterday, 1/27/2023 7:07:30 PM;The object scan result has been sent to a third-party application;Runtime Broker;ChromeCrashHandler.exe;C:\Program Files (x86)\Google\CrashReports\ChromeCrashHandler.exe;C:\Program Files (x86)\Google\CrashReports;30728;DESKTOP-MA6ODKI\Bucy;Initiator;Not processed;Not processed;HEUR:Backdoor.MSIL.ARAT.gen;Trojan;High;Heuristic Analysis;uid:/amsi_stream_49;amsi_stream_49;uid://;File;Logged"

I don't see options to deal with it. I don't know how to proceed. Please advise.
 

Posted

Following up, I ran a full scan in safe mode, where I noticed Kaspersky ran a boot scan earlier. Nothing much has been found (the report cited 1 issue but did not describe it). I have not had anything show up in an AMSI report yet. I'm hoping I am clear, but still would like an expert to describe what happened and how to proceed in the future. I am still concerned due to not finding the issues reported as dealt with. Thank you for your efforts.

Flood and Flood's wife
Posted (edited)

Hello @Bucy

Welcome!

There's not much information available: About protection using Antimalware Scan Interface.

Antimalware Scan Interface (AMSI) allows a third-party application that supports AMSI to send objects (for example, PowerShell scripts) to the Kaspersky application for additional scanning and to receive scan results for these objects. For example, Microsoft Office applications can be such third-party applications. For more information about the AMSI interface, refer to Microsoft documentation.

Antimalware Scan Interface only allows detecting a threat and notifying a third-party application about the detected threat. After receiving the threat notification, the third-party application prevents malicious actions (for example, shuts down).

The Kaspersky application may decline a request from a third-party application if, for example, this application exceeds the maximum number of requests allowed for a period. In this case, the Kaspersky application displays a notification about the declined request. If you receive such a notification, you do not have to perform any actions.

  • Your best course of action is to log a request with Kaspersky support, so a dedicated resource can be allocated to look at it. On the support page: https://support.kaspersky.com/b2c#contacts, select either Chat or Email, then fill in Malware, Other template; please include any screen images of the error & a detailed history. Support may request logs, traces & other data; they will guide you. 

Please share the outcome with the Community, when it's available.
Thank you.
Flood

Edited by Flood and Flood's wife
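
An added example, not part of either post and not Kaspersky's code: a small Python parser for the two report lines quoted in the question, which pairs the detection record with the "sent to a third-party application" record for the same `amsi_stream` object. The column names are assumptions inferred from the order of the values; the report lines themselves carry no header.

```python
from collections import defaultdict

# Column names are assumptions inferred from the order of the values in the
# two report lines quoted in the thread; the export itself carries no header.
FIELDS = ["time", "event", "application", "process", "path", "folder", "pid",
          "user", "role", "result", "status", "verdict", "type", "level",
          "method", "object_uri", "object", "object_path", "object_type",
          "reason"]

# The two report lines from the question, copied as posted.
SAMPLE = [
    r"Yesterday, 1/27/2023 7:07:30 PM;Malicious object detected;Runtime Broker;ChromeCrashHandler.exe;C:\Program Files (x86)\Google\CrashReports\ChromeCrashHandler.exe;C:\Program Files (x86)\Google\CrashReports;30728;DESKTOP-MA6ODKI\Bucy;Initiator;Detected;Detected;HEUR:Backdoor.MSIL.ARAT.gen;Trojan;High;Heuristic Analysis;uid:/amsi_stream_49;amsi_stream_49;uid://;File;Expert analysis",
    r"Yesterday, 1/27/2023 7:07:30 PM;The object scan result has been sent to a third-party application;Runtime Broker;ChromeCrashHandler.exe;C:\Program Files (x86)\Google\CrashReports\ChromeCrashHandler.exe;C:\Program Files (x86)\Google\CrashReports;30728;DESKTOP-MA6ODKI\Bucy;Initiator;Not processed;Not processed;HEUR:Backdoor.MSIL.ARAT.gen;Trojan;High;Heuristic Analysis;uid:/amsi_stream_49;amsi_stream_49;uid://;File;Logged",
]


def parse(line):
    """Split one semicolon-delimited report line into a dict of named fields."""
    values = line.strip().strip('"').split(";")
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    return dict(zip(FIELDS, values))


def triage(lines):
    """Group AMSI records by (process, pid, stream) and summarise each scan."""
    scans = defaultdict(lambda: {"detected": False, "reported_to_host": False})
    for line in lines:
        if not line.strip():
            continue
        rec = parse(line)
        if not rec["object"].startswith("amsi_stream"):
            continue  # not an AMSI stream record; out of scope for this summary
        scan = scans[(rec["process"], rec["pid"], rec["object"])]
        scan["verdict"] = rec["verdict"]
        scan["initiator_path"] = rec["path"]
        if rec["event"] == "Malicious object detected":
            scan["detected"] = True
        elif rec["event"].startswith("The object scan result has been sent"):
            scan["reported_to_host"] = True
    return dict(scans)


if __name__ == "__main__":
    for key, scan in triage(SAMPLE).items():
        print(key, scan)
```

For the two quoted lines this yields a single scan with both flags set, which matches the documentation quoted above: the object was detected and the result was passed back to the requesting application.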
