

shunned
March 14th, 2004, 11:00 PM
Script Defender

A script blocker. Why Script Defender? Because unlike many script blockers, Script Defender allows a user to add numerous scripts.
If you decide to use Script Defender, the following is a suggested block list. Enter:

.OCX,.COM,.SYS,.DLL,.CHM,.CMD,.CPL,.MSC,.MSI,.EML,.JS,.JSE,.PIF,.MSG,.MSG,.SCR,.INF,.INS,.ISP,.CRT,.LNK,.REG,.SCT,.WSC,.BAT,.HTM,.HTML,.VBS,.VBE,.HTA,.WSF,.WSH,.SHS,.SHB


Note the period in front of OCX

Some have a problem retaining the block list and may find this helpful.
Install Script Defender > open > CLEAR the pre-set script extensions > then enter the above block list > hit "install intercepts" > then hit the "X" in the upper right. DO NOT HIT "DONE"

Close Script Defender completely. After closing... re-open to check... make certain all the above extensions were "kept". If so, again hit the "X" in upper right. Now forget it's there... you won't ever see it again unless it pops up to warn you one of the above scripts is trying to execute... and give you an option to ABORT or EXECUTE...

Layered security...this was given to me...maybe you can share it also


- Trying different formats to narrow thread width LWM

Shunned
March 14th, 2004, 11:11 PM
SPECIAL NOTICE

The above post IS NOT MEANT TO BE A REPLACEMENT FOR AN ANTI-VIRUS PROGRAM. WOULD BE VERY FOOLISH TO EVEN CONSIDER NOT USING AN ANTI-VIRUS PROGRAM...

Shunned
March 14th, 2004, 11:19 PM
WHOA!! PAGE SO BIG IT GOES OFF THE SCREEN. Got to get a new 32 inch monitor LOL

Moore
March 14th, 2004, 11:49 PM
hey nice list though thanks .. :D

Shunned
March 15th, 2004, 12:04 AM
LWM

My apology, the scripts posted as code... was not intentional... just not used to posting... sorry to cause you extra work. Thank you.



Moore....you are most welcome

Parputt
July 7th, 2004, 09:00 PM
I know this thread is quite old, but I just installed Script Defender and can not get the above referenced block list to stay. Anyone have success getting the extended block list to install?

iceni60
July 7th, 2004, 09:55 PM
First open SD. Then remove intercepts. Then add your intercepts. Then press done. Then if SD shows you your list that you just put in, that's it, they are in, regardless of how it looks when you next open it up.

Pigman
July 7th, 2004, 10:01 PM
Wrong. I tried it, and it let me open Xen - a .BAT file that should have been intercepted.

Parputt
July 7th, 2004, 10:05 PM
Well, I did try running a .reg file that I had and Script Defender hit on it. The .reg entry is not showing in the script extension window, but it did block it. I will agree with iceni60 that even though the added extensions are not shown they are being watched/blocked.

Pigman
July 7th, 2004, 10:16 PM
Well, my computer disagrees with that. As I said, the .BAT extension was added, and the instructions (which I am by now familiar with ;) ) were followed. ScriptDefender nonetheless fails to intercept .BAT files.

iceni60
July 8th, 2004, 07:37 AM
Sorry it didn't work for you, Pigman. All I can say is it works on my XP Home.

Parputt
July 18th, 2004, 01:00 AM
OK, got a strange problem here and I need some help. Seems that Script Defender is preventing me from executing any scripts. I have several .vbs and .reg scripts that I know are safe and now I am being told Windows can not find them. I uninstalled Script Defender, after disabling everything first, and still cannot access any .vbs or .reg scripts. Anyone know where in the registry Script Defender makes its changes so I can manually reverse everything and see if that helps? Thanks in advance for any assistance.

*EDIT* After uninstalling and reinstalling Script Defender I can now run scripts, but I can not edit them. If I right click and select EDIT (on any .vbs, .reg, etc.) I get an error that Windows can not find the file. I know this is wrong because I can run the script. Any suggestions?

Pigman
July 18th, 2004, 02:02 AM
Ahh...

Solution to problem with installing intercepts, for those it doesn't work for: uninstall current intercepts, copy & paste list, remove .HTM and .HTML, and install intercepts.

Parputt
July 18th, 2004, 11:51 PM
Ok, this is really getting the best of me. I have cleared the intercepts, uninstalled ScriptDefender and now I can not run any scripts. Only way to regain functionality is to install ScriptDefender. Any ideas?

*EDIT*
Problem partially averted.

Uninstalled Script Defender and installed Script Sentry. With Script Sentry you have the option to "View File in Notepad" built into the GUI. I would still like to know what Script Defender did, but at least I can view and edit scripts again.

memyself
July 19th, 2004, 02:48 AM
Here is my Ashampoo log file, hope it will help...

; Legend:
; [-]= Deleted key/folder, [+]= New key/folder, [#]= Changed key/folder,
; [-]= Deleted value/file, [+]= New value/file
; [%]= Changed value (old value/file), = Changed value (new value/file)
;
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command]
[%]"(default)" = ""%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command]
[%]"(default)" = ""%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\DocShortcut\shell\open\command]
[%]"(default)" = "C:\WINDOWS\rundll32.exe shscrap.dll,OpenScrap_RunDLL /r /x %1"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command]
[%]"(default)" = "C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\JSEFile\Shell\Open\Command]
[%]"(default)" = "C:\WINDOWS\WScript.exe "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\JSFile\Shell\Open\Command]
[%]"(default)" = "C:\WINDOWS\WScript.exe "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\Msi.Package\shell\Open\command]
[%]"(default)" = ""C:\WINDOWS\SYSTEM\msiexec.exe" /i "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\ShellScrap\shell\open\command]
[%]"(default)" = "C:\WINDOWS\rundll32.exe shscrap.dll,OpenScrap_RunDLL %1"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\VBEFile\Shell\Open\Command]
[%]"(default)" = "C:\WINDOWS\WScript.exe "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\VBSFile\Shell\Open\Command]
[%]"(default)" = "C:\WINDOWS\WScript.exe "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\WSFFile\Shell\Open\Command]
[%]"(default)" = "C:\WINDOWS\WScript.exe "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\WSHFile\Shell\Open\Command]
[%]"(default)" = "C:\WINDOWS\WScript.exe "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[+][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnalogX Script Defender]
[+]"DisplayName" = "AnalogX Script Defender"
[+]"UninstallString" = "C:\Program Files\AnalogX\Script Defender\sdefendu.exe"
[+][HKEY_USERS\.DEFAULT\Software\AnalogX\Script Defender\Associations]
[+]".BAT" = ""%1" %*"
[+]".COM" = ""%1" %*"
[+]".HTA" = "C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*"
[+]".JS" = "C:\WINDOWS\WScript.exe "%1" %*"
[+]".JSE" = "C:\WINDOWS\WScript.exe "%1" %*"
[+]".MSI" = ""C:\WINDOWS\SYSTEM\msiexec.exe" /i "%1" %*"
[+]".PIF" = ""%1" %*"
[+]".SCR" = ""%1" /S"
[+]".SHB" = "C:\WINDOWS\rundll32.exe shscrap.dll,OpenScrap_RunDLL /r /x %1"
[+]".SHS" = "C:\WINDOWS\rundll32.exe shscrap.dll,OpenScrap_RunDLL %1"
[+]".VBE" = "C:\WINDOWS\WScript.exe "%1" %*"
[+]".VBS" = "C:\WINDOWS\WScript.exe "%1" %*"
[+]".WSF" = "C:\WINDOWS\WScript.exe "%1" %*"
[+]".WSH" = "C:\WINDOWS\WScript.exe "%1" %*"
[+][HKEY_USERS\.DEFAULT\Software\AnalogX\Script Defender]
[+]"Dialog H" = $00000000 (0)
[+]"Dialog W" = $00000000 (0)
[+]"Dialog X" = $00000014 (20)
[+]"Dialog Y" = $00000014 (20)
[+]"Extensions" = ".VBS,.VBE,.JS,.JSE,.HTA,.WSF,.WSH,.SHS,.SHB,.COM,.BAT,.PIF,.SCR,.MSI"
[+]"Install Path" = "C:\Program Files\AnalogX\Script Defender\"
[+]"Tray Minimize" = $00000000 (0)
[+][HKEY_USERS\.DEFAULT\Software\AnalogX]
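
The log above pairs each changed `shell\open\command` key with its original value (`[%]`) and the Script Defender replacement (unmarked). As an added example, not part of the original post or of any tool named in this thread, the following Python parses that log format and lists the original command for every handler that was redirected to `sdefend.exe`; the function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: a few records in the format of the install-monitor log above.
SAMPLE_LOG = r'''
; [%]= Changed value (old value/file)
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command]
[%]"(default)" = ""%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[#][HKEY_LOCAL_MACHINE\Software\CLASSES\VBSFile\Shell\Open\Command]
[%]"(default)" = "C:\WINDOWS\WScript.exe "%1" %*"
"(default)" = "C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*"
[+][HKEY_USERS\.DEFAULT\Software\AnalogX\Script Defender]
[+]"Tray Minimize" = $00000000 (0)
'''

KEY = re.compile(r'^\[([#+-])\]\[(.+)\]$')         # [marker][registry key]
VALUE = re.compile(r'^(\[[%+-]\])?"([^"]*)" = (.*)$')  # optional marker, name, data

def unwrap(text):
    """Strip the one pair of quotes the logger wraps around string data."""
    return text[1:-1] if len(text) >= 2 and text[0] == text[-1] == '"' else text

def parse_changes(log):
    """Return {key: {value_name: {'old': ..., 'new': ...}}} for changed ([#]) keys."""
    changes, key, changed = {}, None, False
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue
        m = KEY.match(line)
        if m:
            changed, key = m.group(1) == '#', m.group(2)
            continue
        m = VALUE.match(line)
        slot = {'[%]': 'old', None: 'new'}.get(m.group(1)) if m else None
        if changed and slot:
            changes.setdefault(key, {}).setdefault(m.group(2), {})[slot] = unwrap(m.group(3))
    return changes

def restore_plan(log, interceptor='sdefend.exe'):
    """List (key, original command) for every handler redirected to the interceptor."""
    plan = []
    for key, values in parse_changes(log).items():
        for data in values.values():
            if interceptor.lower() in data.get('new', '').lower() and 'old' in data:
                plan.append((key, data['old']))
    return plan
```

Comparing each listed key's current value against the original command after an uninstall shows which associations were left pointing at a missing executable.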

Robyn
July 19th, 2004, 08:13 AM
When uninstalling Script Defender - Remove intercepts (OK), but after this do I click Done or just close the program and then use the uninstaller and I presume clean the registry? I fear that it has mixed my computer up when adding the extra defences :'( I uninstalled but have since re-installed as I wasn't quite sure which bit to click after 'remove intercepts' ???

Edit: I have just managed to fix the issue with IESpyad on my laptop with a bit of tweaking but I will be very cautious now.

Parputt
August 6th, 2004, 02:39 AM
Doug Knox is a life saver!!!!!!!!!!!!!!!!!!!!!!!!!!!

Long story short. I recently noticed I could not run any .msc files. Did some digging and stumbled on this page: http://www.dougknox.com/xp/file_assoc.htm

Ran both the .vbs and .msc association fixes and all my previous problems are gone. Lesson: Be careful when trying new software.