The leader mechanical its software Microsoft, Mr. Lee Holmes mentioned that Windows 10 apps will now be able to connect to installed anti-virus platforms to better fight malware.
Holmes said the feature Antimalware Scan Interface (AMSI) Windows 10 will allow applications and services to use different anti-virus to detect malicious activities in the system memory.
As Holmes points out, most anti-malware can read signatures of suspicious activity, but if coding techniques like XOR are used, applications security fail as the malware appears benign.
The efforts made until today, at best, did not detect them attacks which were performed in memory and at worst showed false positives that stopped legitimate processes.
Holmes said, "Or the antivirus engine checks files opened by the user. "If the malicious content is only in the memory, the attack may go unnoticed."
"Malicious scripts can go through various paths to hide them, but in the end they should feed the scripting engine with a simple, non-obscure code. At this point, the application can now call the new Windows AMSI API and request a scan of unprotected content.
"Any application can also call a registered anti-malware engine through AMSI and edit the submitted content."
Holmes called on all application developers to add to their applications the ability to use AMSI.
As the expert mentions the new feature can be extended to "catch" the malware on instant messaging or gaming platforms, video plug-ins and more.
"There are so many more opportunities - this is just the beginning," he said
Note that Windows Defender, Microsoft's anti-virus platform, thanks to AMSI technology able to detect malicious scripts with XOR.
