Microsoft Windows AMSI
This pack includes Cortex XSIAM content.
This pack requires an XDR Agent to be installed on the relevant endpoints.
Microsoft Windows AMSI
- Details
- Content
- Dependencies
- Version History
The Windows Antimalware Scan Interface (AMSI) is a security feature in Windows OSs that allows services to scan for files, memory and other data for threats.
Modeling Rules
| Name | Description |
|---|---|
Microsoft Windows AMSI Security Modeling Rule |
Parsing Rules
| Name | Description |
|---|---|
Microsoft Windows AMSI Parsing Rule |
1.0.6 - 8542515 (April 28, 2026)
- 43940
Modeling Rules
Microsoft Windows AMSI Security Modeling Rule
- Documentation and metadata improvements.
- 43940
1.0.5 - 8479105 (April 26, 2026)
- 43941
Parsing Rules
Microsoft Windows AMSI Parsing Rule
- Documentation and metadata improvements.
- 43941
1.0.4 - 7850318 (March 23, 2026)
1.0.3 - 5689147 (November 2, 2025)
- 41690
Modeling Rules
Microsoft Windows AMSI Security Modeling Rule
- Implemented structure changes for backend compatibility.
- 41690
1.0.2 - 5636304 (October 29, 2025)
1.0.1 - R4077103 (July 6, 2025)
- 29354
Modeling Rules
Microsoft Windows AMSI Security Modeling Rule
Updated the Modeling Rule schema with additional fields.
- 29354
PUBLISHER
PLATFORMS
Cortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | August 10, 2023 | |
| Last Release | April 28, 2026 |