This activity offers the possibility to scan strings and buffers to identify malware in memory, before it is stored on the
hard disk. For this it uses the Microsoft Anti Malware Scan Interface (AMSI). This way e.g. data that is loaded from the Internet, in the context of an automated business process, can be checked in memory to see whether it contains suspicious signatures. This allows us to increase security in the handling of such data.
This library has been tested with UiPath 2021.10.4, 2022.02 and 2022.04, with both compatibility modes, Windows Legacy (dotNET Framework 4.61) and Windows (dotNET 5 and dotNET 6).
This library offers two easy ways to handle activities:
Scans a string, a sequence of characters, for malware and delivers the result of the scan, e.g. as AMSI_RESULT_CLEAN or AMSI_RESULT_DETECTED.
Scans a buffer, a sequence of bytes for malware and delivers also the result of the scan.