Skip to content

Test-AMSI

The Windows AntiMalware Scan Interface (AMSI) is a versatile standard that allows applications and services to integrate with any AntiMalware product present on a machine. Seeing that Exchange administrators might not be familiar with AMSI, we wanted to provide a script that would make life a bit easier to test, enable, disable, or Check your AMSI Providers.

Download

Download the latest release: Test-AMSI.ps1

Parameters

Parameter Description
TestAMSI If you want to test to see if AMSI integration is working. You can use a server, server list or FQDN of load balanced array of Client Access servers.
IgnoreSSL If you need to test and ignoring the certificate check.
CheckAMSIConfig If you want to see what AMSI Providers are installed. You can combine with ServerList, AllServers or Sites.
EnableAMSI If you want to enable AMSI. Without any additional parameter it will apply at Organization Level. If combine with ServerList, AllServers or Sites it will apply at server level.
DisableAMSI If you want to disable AMSI. Without any additional parameter it will apply at Organization Level. If combine with ServerList, AllServers or Sites it will apply at server level.
RestartIIS If you want to restart the Internet Information Services (IIS). You can combine with ServerList, AllServers or Sites.
Force If you want to restart the Internet Information Services (IIS) without confirmation.
ServerList If you want to apply to some specific servers.
AllServers If you want to apply to all server.
Sites If you want to apply to all server on a sites or list of sites.

Common Usage

After you download the script, you will need to run it within an elevated Exchange Management Shell Session

If you want to test to see if AMSI integration is working in a LB Array, you can run: .\Test-AMSI.ps1 mail.contoso.com

If you want to test to see if AMSI integration is working in list of servers, you can run: .\Test-AMSI.ps1 -ServerList server1, server2

If you want to test to see if AMSI integration is working in all server, you can run: .\Test-AMSI.ps1 -AllServers

If you want to test to see if AMSI integration is working in all server in a list of sites, you can run: .\Test-AMSI.ps1 -AllServers -Sites Site1, Site2

If you need to test and ignoring the certificate check, you can run: .\Test-AMSI.ps1 -IgnoreSSL

If you want to see what AMSI Providers are installed on the local machine you can run: .\Test-AMSI.ps1 -CheckAMSIConfig

If you want to enable AMSI at organization level, you can run: .\Test-AMSI.ps1 -EnableAMSI

If you want to enable AMSI in an Exchange Server or Server List at server level, you can run: .\Test-AMSI.ps1 -EnableAMSI -ServerList Exch1, Exch2

If you want to enable AMSI in all Exchange Server at server level, you can run: .\Test-AMSI.ps1 -EnableAMSI -AllServers

If you want to enable AMSI in all Exchange Server in a site or sites at server level, you can run: .\Test-AMSI.ps1 -EnableAMSI -AllServers -Sites Site1, Site2

If you want to disable AMSI on the Exchange Server, you can run: .\Test-AMSI.ps1 -DisableAMSI

If you want to disable AMSI in an Exchange Server or Server List at server level, you can run: .\Test-AMSI.ps1 -DisableAMSI -ServerList Exch1, Exch2

If you want to disable AMSI in all Exchange Server at server level, you can run: .\Test-AMSI.ps1 -DisableAMSI -AllServers

If you want to disable AMSI in all Exchange Server in a site or sites at server level, you can run: .\Test-AMSI.ps1 -DisableAMSI -AllServers -Sites Site1, Site2

If you want to restart the Internet Information Services (IIS), you can run: .\Test-AMSI.ps1 -RestartIIS

If you want to restart the Internet Information Services (IIS) without confirmation, you can run: .\Test-AMSI.ps1 -RestartIIS -Force