Open A-AFTAHI opened 1 year ago
Any clarification on this issue? The AMSITrigger exe is also flagged by amsi. I am running this against powershell scripts which definitely get flagged by amsi.
Hey! I commented about this issue some time ago. Long story short: you need real-time protection to be enabled in order to check AMSI triggers; the binary, however, gets flagged by Windows Defender. You cannot exclude it, or else real-time protection will be off in the current process. It's a vicious cycle that can't seem to be solved. You'll need to modify the AMSITrigger binary in a way that avoids Windows Defender without having to change any Defender settings. My comment: https://github.com/RythmStick/AMSITrigger/issues/4#issuecomment-1503505301
It's pretty easy to get the binary past Windows Defender, just change some pieces of the source code and recompile.
I'm trying to run the tool against the PowerUp.ps1 script, but I'm getting "Check Real Time protection is enabled" as output and I don't know what it means.
I had the same output on my Windows 11 host machine and Windows 10 VM.
I ran the tests with both conditions:
Thanks!