AMSI Check

The Windows Antimalware Scan Interface (AMSI) is a versatile standard that allows applications and services to integrate with any antimalware product present on a machine. AMSI is vendor agnostic and designed to allow for the most common malware scanning and protection techniques provided by today's products to be integrated into applications.

It only scans the HTTP protocol, and is not meant to be a replacement for existing server-level or message hygiene protections.

AMSI integration is available on the following Operating System / Exchange Server version combinations:

- Windows Server 2016, or higher
- Exchange Server 2016 CU21, or higher
- Exchange Server 2019 CU10, or higher
- AMSI is not available on Edge Transport Servers

If you use Microsoft Defender, AV engine version 1.1.18300.4 or higher is also required. Alternatively, you can use a compatible AMSI-capable third-party AV provider.

This check verifies whether an override exists that disables the AMSI integration with Exchange Server. It does so by running the following query:

Get-SettingOverride | Where-Object { ($_.ComponentName -eq "Cafe") -and ($_.SectionName -eq "HttpRequestFiltering") }
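
One way to interpret the objects that query returns, as an added example (not the check's own code): the function applies the same Cafe / HttpRequestFiltering filter and reports whether each override turns AMSI off for a given server. It assumes that `Parameters` holds `Key=Value` strings such as `Enabled=False` and that an empty `Server` list means the override applies to the whole organization; the function name, the server names and the sample objects are constructed for illustration.

```powershell
function Get-AmsiOverrideState {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [object]$Override,
        # Server whose effective AMSI state is being evaluated.
        [Parameter(Mandatory = $true)]
        [string]$ServerName
    )
    process {
        if ($null -eq $Override) { return }
        # Same filter as the query used by the check.
        if ($Override.ComponentName -ne "Cafe" -or $Override.SectionName -ne "HttpRequestFiltering") { return }

        # Assumption: Parameters is a list of "Key=Value" strings.
        $disables = $false
        foreach ($p in @($Override.Parameters)) {
            $key, $value = "$p" -split "=", 2
            if ("$key".Trim() -eq "Enabled" -and "$value".Trim() -eq "False") { $disables = $true }
        }

        # Assumption: an empty Server list scopes the override to the whole organization.
        $servers = @($Override.Server | Where-Object { $_ })
        $scope = if ($servers.Count -eq 0) { "Organization" }
                 elseif ($servers -contains $ServerName) { "ThisServer" }
                 else { "OtherServer" }

        [pscustomobject]@{
            Name          = $Override.Name
            Scope         = $scope
            DisablesAmsi  = $disables
            AffectsServer = $disables -and ($scope -ne "OtherServer")
            Reason        = $Override.Reason
        }
    }
}

# Constructed sample objects standing in for Get-SettingOverride output.
$sample = @(
    [pscustomobject]@{ Name = "SampleOrgWide"; ComponentName = "Cafe"; SectionName = "HttpRequestFiltering"; Parameters = @("Enabled=False"); Server = $null; Reason = "Testing" }
    [pscustomobject]@{ Name = "SampleScoped"; ComponentName = "Cafe"; SectionName = "HttpRequestFiltering"; Parameters = @("Enabled=False"); Server = @("EX02"); Reason = "Troubleshooting" }
    [pscustomobject]@{ Name = "SampleUnrelated"; ComponentName = "OtherComponent"; SectionName = "OtherSection"; Parameters = @("Enabled=False"); Server = $null; Reason = "Unrelated" }
)
$sample | Get-AmsiOverrideState -ServerName "EX01" | Format-Table -AutoSize

# In the Exchange Management Shell, feed it the real query instead:
# Get-SettingOverride | Get-AmsiOverrideState -ServerName $env:COMPUTERNAME
```

Any row with `AffectsServer` set to `True` means AMSI scanning is switched off for that server and the recorded `Reason` should be reviewed.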

