During a Windows desktop security review, you must recommend a built-in countermeasure that will help endpoint anti-malware engines detect fileless attacks launched through PowerShell, VBScript, or WMI without relying on a signature stored on disk. Which native feature should you ensure is enabled so the AV solution can inspect the script content in memory?
Windows Anti-Malware Scan Interface (AMSI) exposes the content of scripts and other dynamic code to the installed antivirus engine as the code is loaded into memory, allowing heuristic and behavior-based inspection that can stop fileless threats before execution. Encrypting File System only protects data at rest and does nothing to inspect running scripts. Software Restriction Policies can block executables by path or hash but cannot analyze the in-memory script text of PowerShell or WMI. BitLocker with TPM-only mode protects the drive during offline attacks yet provides no runtime visibility into script content. Therefore, enabling AMSI integration is the appropriate countermeasure for detecting memory-resident, script-based malware.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AMSI and how does it help detect fileless attacks?
Open an interactive chat with Bash
How does AMSI differ from traditional signature-based anti-malware systems?
Open an interactive chat with Bash
Why are fileless attacks harder to detect compared to traditional malware?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .