2 years ago

#50630

LukeProducts

Return True / False values when scanning a ps1 file from AMSI?

I would like to write a small script as part of a pentest that validates and outputs whether the Windows Defender Antimalware Scan Interface (AMSI) flags the file or not. Since I need a PowerShell script to best do the scanning, but I don't know enough about the language to write one, I resorted to the PSAmsi tool. Anyway, that's what I tried...

However, I constantly have the problem that PSAmsi cannot work because Defender prevents it from doing so. If I turn off Defender, PSAmsi works, but it aborts with the error message that no AMSI was detected, which I had to deactivate with Defender before...

Also, I get errors all the time, and when it works, PSAmsi always returns false, even with malicious files, which doesn't work like that...

Does anyone know about PSAmsi or can give me advice?

With kind regards, Luke

powershell

exploit

penetration-testing

windows-defender

0 Answers
