Rmus
August 14th, 2005, 12:52 PM
I'm still looking for the ideal way to prevent unauthorized scripts from running. While certain steps can be taken from within Windows, a product would be nice for those who don't want to tweak Windows.
WormGuard seems to be the best that I've evaluated, but I recently discovered a weakness with respect to running from a command line.
For instance, WormGuard blocks the attempt to run a .vbs or .reg file from a command line using this syntax:
------------------------------
C:\WG\Finjan_vbs_demo.vbs
C:\WG\demo.reg
-------------------------------
However, it allows the scripts to run when invoked by the particular engine:
---------------------------------------------
wscript.exe C:\WG\Finjan_vbs_demo.vbs
regedit.exe C:\WG\demo.reg
----------------------------------------------
This is not very comforting, and I'm wondering if there is a setting in WG that I'm missing. I've put both .vbs and .reg in the blocked list editor.
thanks,
-rich
________________
~~Be ALERT!!! ~~
WormGuard seems to be the best that I've evaluated, but I recently discovered a weakness with respect to running from a command line.
For instance, WormGuard blocks the attempt to run a .vbs or .reg file from a command line using this syntax:
------------------------------
C:\WG\Finjan_vbs_demo.vbs
C:\WG\demo.reg
-------------------------------
However, it allows the scripts to run when invoked by the particular engine:
---------------------------------------------
wscript.exe C:\WG\Finjan_vbs_demo.vbs
regedit.exe C:\WG\demo.reg
----------------------------------------------
This is not very comforting, and I'm wondering if there is a setting in WG that I'm missing. I've put both .vbs and .reg in the blocked list editor.
thanks,
-rich
________________
~~Be ALERT!!! ~~