How to determine the underlying provider used by Antimalware Scan Interface?

Question

Is there a easy way to see which underlying malware provider is handling the requests for Antimalware Scan Interface? Win32 call or registry key?

Windows Server 2019

score 1 · Answer 1 · answered May 19 '20 at 19:31

1

According to MSFT docs, appears there are two registry keys for finding this info:

HKLM\SOFTWARE\Microsoft\AMSI\Providers

HKLM\SOFTWARE\Classes\CLSID

answered May 19 '20 at 19:31

user2368632

1 Answers1