Command line scripts

Discussion in 'WormGuard' started by Rmus, Aug 14, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Mar 16, 2005
    I'm still looking for the ideal way to prevent unauthorized scripts from running. While certain steps can be taken from within Windows, a product would be nice for those who don't want to tweak Windows.

    WormGuard seems to be the best that I've evaluated, but I recently discovered a weakness with respect to running from a command line.

    For instance, WormGuard blocks the attempt to run a .vbs or .reg file from a command line using this syntax:



    However, it allows the scripts to run when invoked by the particular engine:

    wscript.exe C:\WG\Finjan_vbs_demo.vbs

    regedit.exe C:\WG\demo.reg

    This is not very comforting, and I'm wondering if there is a setting in WG that I'm missing. I've put both .vbs and .reg in the blocked list editor.


    ~~Be ALERT!!! ~~
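The gap described in the post above, as an added example that is not part of the original thread and is not WormGuard's code: a check that looks at the file a command line hands to a script engine, so an explicit wscript.exe or regedit.exe invocation is judged against the same blocked-extension list as a direct one. The policy sets, function names and sample lines are constructed for illustration.

```python
import ntpath
import shlex

# Constructed policy mirroring the post: both extensions are in the blocked list,
# and the two engines are the ones the post invoked explicitly.
BLOCKED_EXTENSIONS = {".vbs", ".reg"}
SCRIPT_ENGINES = {"wscript.exe", "regedit.exe"}


def tokenize(cmdline):
    """Split a Windows command line, keeping backslashes and honouring double quotes."""
    try:
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to a plain whitespace split
        tokens = cmdline.split()
    return [t.strip('"') for t in tokens]


def is_blocked(path):
    return ntpath.splitext(path)[1].lower() in BLOCKED_EXTENSIONS


def blocked_targets(cmdline):
    """Return (how, path) for every blocked-extension file this command would run."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    program, args = tokens[0], tokens[1:]
    if is_blocked(program):  # script named directly on the command line
        return [("direct", program)]
    name = ntpath.basename(program).lower()
    if not ntpath.splitext(name)[1]:
        name += ".exe"  # "wscript" and "wscript.exe" are the same engine
    if name not in SCRIPT_ENGINES:
        return []
    # Engine switches start with "/" (e.g. //B, /s); anything else is a file operand.
    return [("via " + name, a) for a in args if not a.startswith("/") and is_blocked(a)]


# Constructed sample command lines; the two plain engine forms are the ones from the post.
SAMPLES = [
    r"C:\WG\Finjan_vbs_demo.vbs",
    r"wscript.exe C:\WG\Finjan_vbs_demo.vbs",
    r"regedit.exe C:\WG\demo.reg",
    r'"C:\Windows\System32\wscript.exe" //B "C:\WG\my demo.vbs"',
    r"notepad.exe C:\WG\Finjan_vbs_demo.vbs",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(blocked_targets(line) or "allowed", "<-", line)
```

The last sample is allowed because notepad.exe is not in the engine set, so the .vbs file is only opened as text.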