{"id":96339,"date":"2019-08-12T06:00:42","date_gmt":"2019-08-12T13:00:42","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=96339"},"modified":"2025-06-02T19:47:00","modified_gmt":"2025-06-03T02:47:00","slug":"mcafee-amsi-integration-protects-against-malicious-scripts","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/","title":{"rendered":"McAfee AMSI Integration Protects Against Malicious Scripts"},"content":{"rendered":"<p>Following on from the <u><a href=\"https:\/\/securingtomorrow.mcafee.com\/other-blogs\/mcafee-labs\/mcafee-protects-against-suspicious-email-attachments\/\">McAfee Protects against suspicious email attachments<\/a><\/u> blog, this blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee Endpoint products. The AMSI scanner within McAfee ENS 10.6 has already detected over 650,000 pieces of Malware since the start of 2019. This blog will help show you how to enable it, and explain why it should be enabled, by highlighting some of the malware we are able to detect with it.<\/p>\n<h2>ENS 10.6 and Above<\/h2>\n<p>The AMSI scanner will scan scripts once they have been executed. This enables the scanner to de-obfuscate the script and scan it using DAT content. 
This is useful as the original scripts can be heavily obfuscated and are difficult to generically detect, as shown in the image below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96340\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-1.png\" alt=\"\" width=\"695\" height=\"651\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-1.png 695w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-1-300x281.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-1-534x500.png 534w\" sizes=\"auto, (max-width: 695px) 100vw, 695px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 1 &#8211; Obfuscated VBS script being de-obfuscated with AMSI<\/em><\/p>\n<h2>Enable the Scanner<\/h2>\n<p>By default, the AMSI scanner is set to observe mode. This means that the scanner is running but it will not block any detected scripts; instead, the detection will appear in the ENS log and event viewer as shown below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96341\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-2.png\" alt=\"\" width=\"1108\" height=\"874\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-2.png 1108w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-2-300x237.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-2-768x606.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-2-1024x808.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-2-634x500.png 634w\" sizes=\"auto, (max-width: 1108px) 100vw, 1108px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 2 &#8211; Would Block in the Event log<\/em><\/p>\n<p>To actively block the detected threats, you need to de-select the following option in the ENS 
settings:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96342\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-3.png\" alt=\"\" width=\"871\" height=\"638\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-3.png 871w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-3-300x220.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-3-768x563.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-3-683x500.png 683w\" sizes=\"auto, (max-width: 871px) 100vw, 871px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 3 &#8211; How to enable Blocking<\/em><\/p>\n<p>Once this has been done, the event log will show that the malicious script has now been blocked:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96343\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-4.png\" alt=\"\" width=\"993\" height=\"943\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-4.png 993w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-4-300x285.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-4-768x729.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-4-527x500.png 527w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-4-24x24.png 24w\" sizes=\"auto, (max-width: 993px) 100vw, 993px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 4 &#8211; Action Blocked in Event Log<\/em><\/p>\n<h2>In the Wild<\/h2>\n<p>Since January 2019, we have observed over 650,000 detections and this is shown in the IP Geo Map below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96344\" 
src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-5.png\" alt=\"\" width=\"806\" height=\"479\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-5.png 806w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-5-300x178.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-5-768x456.png 768w\" sizes=\"auto, (max-width: 806px) 100vw, 806px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 5 &#8211; Geo Map of all AMSI detections since January\u00a02019<\/em><\/p>\n<p>We are now able to block some of the most prevalent threats with AMSI. These include PowerMiner, Fileless Mimikatz and JS downloader families such as JS\/Nemucod.<\/p>\n<p>The section below describes how these families operate, and their infection spread across the globe.<\/p>\n<h3>PowerMiner<\/h3>\n<p>The PowerMiner malware is cryptocurrency-mining malware whose purpose is to infect as many machines as possible to mine Monero currency. The initial infection vector is via phishing emails which contain a batch file. 
Once executed, this batch file will download a malicious PowerShell script which will then begin the infection process.<\/p>\n<p>The infection flow is shown in the graph below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96345\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-6.png\" alt=\"\" width=\"942\" height=\"542\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-6.png 942w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-6-300x173.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-6-768x442.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-6-869x500.png 869w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 6 &#8211; Infection flow of PowerMiner<\/em><\/p>\n<p>With the AMSI scanner, we can detect the malicious PowerShell script and stop the infection from occurring. The Geo IP Map below shows how this malware has spread across the globe:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96346\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-7.png\" alt=\"\" width=\"809\" height=\"483\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-7.png 809w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-7-300x179.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-7-768x459.png 768w\" sizes=\"auto, (max-width: 809px) 100vw, 809px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 7 &#8211; Geo Map of PS\/PowerMiner!ams detection since January 2019<\/em><\/p>\n<p>McAfee detects PowerMiner as PS\/PowerMiner!ams.a.<\/p>\n<h3>Fileless Mimikatz<\/h3>\n<p>Mimikatz is a tool which enables the extraction of passwords from the Windows LSASS. 
Mimikatz was previously used as a standalone tool; however, malicious scripts have been created which download Mimikatz into memory and then execute it without it ever being downloaded to the local disk. An example of a fileless Mimikatz script is shown below (note: this can be heavily obfuscated):<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96347\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-8.png\" alt=\"\" width=\"610\" height=\"95\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-8.png 610w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-8-300x47.png 300w\" sizes=\"auto, (max-width: 610px) 100vw, 610px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 8 &#8211; Fileless Mimikatz PowerShell script<\/em><\/p>\n<p>The Geo IP Map below shows how fileless Mimikatz has spread across the globe:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96348\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-9.png\" alt=\"\" width=\"810\" height=\"485\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-9.png 810w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-9-300x180.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-9-768x460.png 768w\" sizes=\"auto, (max-width: 810px) 100vw, 810px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 9 &#8211; Geo IP Map of PS\/Mimikatz detection since January 2019<\/em><\/p>\n<p>McAfee can detect this malicious script as PS\/Mimikatz.a, PS\/Mimikatz.b, PS\/Mimikatz.c.<\/p>\n<h3>JS\/Downloader<\/h3>\n<p>JS downloaders are usually spread via email. The purpose of these JavaScript files is to download further payloads such as ransomware, password stealers and backdoors to further exploit the compromised machine. 
The infection chain is shown below, as well as an example phishing email:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96349\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-10.png\" alt=\"\" width=\"852\" height=\"385\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-10.png 852w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-10-300x136.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-10-768x347.png 768w\" sizes=\"auto, (max-width: 852px) 100vw, 852px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 10 &#8211; Infection flow of JS\/Downloader<\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96350\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-11.png\" alt=\"\" width=\"843\" height=\"610\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-11.png 843w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-11-300x217.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-11-768x556.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-11-691x500.png 691w\" sizes=\"auto, (max-width: 843px) 100vw, 843px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 11 &#8211; Example phishing email distributing JS\/Downloader<\/em><\/p>\n<p>Below is the IP Geo Map of AMSI JS\/Downloader detections since January 2019:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96351\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-12.png\" alt=\"\" width=\"811\" height=\"481\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-12.png 811w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-12-300x178.png 300w, 
https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-12-768x455.png 768w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 12 &#8211; Geo Map of AMSI-FAJ detection since January 2019<\/em><\/p>\n<p>The AMSI scanner detects this threat as AMSI-FAJ.<\/p>\n<h2>MVISION Endpoint and ENS 10.7<\/h2>\n<p>MVISION Endpoint and ENS 10.7 (not currently released) will use Real Protect Machine Learning to detect PowerShell AMSI generated content.<\/p>\n<p>This is done by extracting features from the AMSI buffers and running these against the ML classifier to decide if the script is malicious or not. An example of this is shown below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-96353\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2019\/08\/Figure-13-1.png\" alt=\"\" width=\"1397\" height=\"683\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-13-1.png 1397w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-13-1-300x147.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-13-1-768x375.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-13-1-1024x501.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/Figure-13-1-1023x500.png 1023w\" sizes=\"auto, (max-width: 1397px) 100vw, 1397px\" \/><\/p>\n<p>Thanks to this detection technique, MVISION EndPoint can detect Zero-Day PowerShell threats.<\/p>\n<h2>Conclusion<\/h2>\n<p>We hope that this blog has helped highlight why enabling AMSI is important and how it will help keep your environments safe.<\/p>\n<p>We recommend our customers who are using ENS 10.6 on a Windows 10 environment enable AMSI in \u2018Block\u2019 mode so that when a malicious script is detected it will be terminated. 
This will protect Endpoints from the threats mentioned in this blog, as well as countless others.<\/p>\n<p>Customers using MVISION EndPoint are protected by default and do not need to enable \u2018Block\u2019 mode.<\/p>\n<p>We also recommend reading <u><a href=\"https:\/\/securingtomorrow.mcafee.com\/other-blogs\/mcafee-labs\/mcafee-protects-against-suspicious-email-attachments\/\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee Protects against suspicious email attachments<\/a><\/u> which will help protect you against malware being spread via email, such as the JS\/Downloaders described in this blog.<\/p>\n<p><strong><em>All testing was performed with the V3 DAT package 3637.0 which contains the latest AMSI Signatures. Signatures are being added to the V3 DAT package daily, so we recommend our customers always use the latest ones.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee products, and highlights some of the malware we are able to detect with it.<\/p>\n","protected":false},"author":774,"featured_media":96272,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[849],"class_list":["post-96339","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>McAfee AMSI Integration Protects Against Malicious Scripts | McAfee Blog<\/title>\n<meta name=\"description\" content=\"This blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee products, and highlights some of the malware we are able to detect with it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, 
max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"McAfee AMSI Integration Protects Against Malicious Scripts | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"This blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee products, and highlights some of the malware we are able to detect with it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-12T13:00:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-03T02:47:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/thumbnail-2.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1350\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Oliver Devane\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oliver Devane\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/\"},\"author\":{\"name\":\"Oliver Devane\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/f3e79f95122a1e56c0b07811a4f2188a\"},\"headline\":\"McAfee AMSI Integration Protects Against Malicious Scripts\",\"datePublished\":\"2019-08-12T13:00:42+00:00\",\"dateModified\":\"2025-06-03T02:47:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/\"},\"wordCount\":851,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/thumbnail-2.jpeg\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/\",\"name\":\"McAfee AMSI Integration Protects Against Malicious Scripts | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/thumbnail-2.jpeg\",\"datePublished\":\"2019-08-12T13:00:42+00:00\",\"dateModified\":\"2025-06-03T02:47:00+00:00\",\"description\":\"This blog describes how the AMSI (Antimalware Scan Interface) is used within the various McAfee products, and highlights some of the malware we are able to detect with it.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/thumbnail-2.jpeg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/08\/thumbnail-2.jpeg\",\"width\":2048,\"height\":1350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other 
Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"McAfee AMSI Integration Protects Against Malicious Scripts\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/f3e79f95122a1e56c0b07811a4f2188a\",\"name\":\"Oliver 
Devane\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/145287b0eca301fc80d99baf060dd274\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Oliver-Devane-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Oliver-Devane-96x96.jpg\",\"caption\":\"Oliver Devane\"},\"description\":\"Oliver Devane is currently a Senior Security Researcher at McAfee. He is based in the UK office and has over 10 years of experience analyzing Malware and Potentially Unwanted Programs.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/oliver-devane-1a528749\/\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/oliver-devane\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/96339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/774"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=96339"}],"version-history":[{"count":4,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/96339\/revisions"}],"predecessor-version":[{"id":214944,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/96339\/revisions\/214944"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/96272"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=96339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=96339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=96339"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=96339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}