Enable AMSI Events for a Sensor Group

In the Carbon Black EDR console, you can toggle the collection of AMSI events per sensor group. This is disabled by default.

Procedure

On the left navigation bar, click Sensors.
Select the sensor group.
n the Event Collection Settings section, select the checkbox for Fileless script loads.
Click Save Group.
See "Sensor Groups" in the VMware Carbon Black EDR User Guide.