Issues using AMSI on Windows 10 with Cisco AMP for Endpoints

JigneshkumarJani33510 · ‎06-17-2020

I am trying to use AMSI from Windows 10 machine which has Cisco AMP for Endpoints installed. I am using C# code to access AMSI. AMSI fails to invoke Cisco AMP for endpoints AMSI provider. With little or no documentation there isn't a specific root cause that I could find. Though I do have some clue in one of the event log which reads like "Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Cisco\AMP\scriptid\damsicom64.dll that did not meet the Microsoft signing level requirements." I assume damsicom64.dll is the Cisco AMP AMSI provider. Thought of seeking help here in the community to see if anyone has faced same issue and got some soltion for same ?

marce1000 · ‎06-17-2020

- Make sure that this is not due to an installed Anti-Virus solution (turn off temporarily and try again).

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

JigneshkumarJani33510 · ‎06-17-2020

Cisco AMP for Endpoints is the only Anti-Virus installed. I am trying to use this via AMSI interface on Windows 10. There is no other Anti Virus on machine.

ali.rodriguez · ‎11-10-2021

Did you resolve this issue? I would like to know the details