AMSIext

What is AMSIext?

AMSIext is a Firefox and Chrome plugin that allows you to send any data stream from the browser to AMSI. AMSI is the way to communicate RAM memory with Windows Defender (or any other endpoint security system). This means that while browsing the web, AMSIext will alert you to malicious JavaScript, PowerShell or whatever − even before it may be executed in your system!

AMSIext is easy!

AMSI is a native way in Windows 10 to send data in memory to your favorite AV solution. It is active by default in PowerShell and (soon) in Office. This way, if anything not detected by your AV in your local hard drive is executed by PowerShell, thanks to AMSI it will be analyzed against Defender. So, this extension sends any JavaScript, PowerShell, etc. pointed by your browser on a given web to AMSI, even before executing or downloading it.

Why AMSIext?

Install and forget it

Pages containing malicious code will be blocked automatically. If Defender is wrong, just whitelist them!

Just a script file is needed

Since Firefox and Chrome do not have methods yet to connect to AMSI, we need a little script to achieve it. No worries, source code is here.

Test it!

You can try to select some text and in the context menu click on "Send to AMSI". Try the EICAR String to see the result.

Contact

Thank you for your interest in AMSIext. Please write to us if you have any questions or suggestions and we will get back to you very soon.