SpywareBlaster blocks WScript.Shell in local HTML documents

SpywareBlaster 2.6.1 with 29-Feb-2004 updates prevents IE6 instantiating a WScript.Shell object in HTML documents. These are legitimate 'active' documents on the local file system of a Windows XP PC.

The security issues around ActiveX controls in IE are quite well covered by the security options in IE, so SpywareBlaster seems to be over protective here.

This raises the issue that with hundreds of ActiveX classes now in the database, its difficult to isolate which one causes a problem such as this. I'm currently comparing report logs from SysInternals Registry Monitor to identify the class or classes that I can search for in the list panel to switch them off.

It would be useful if you could select ranges of entries in the list to enable or disable.
It would also be useful to be able to save your own custom list of classes not to block so that when you download an update, you don't have to remember which entries to remove the check mark from.

 

The thread LowWaterMark linked to should explain the reasoning and how to find them in the database (you can right-click on the database and use the "Find" option as well).

And regarding your idea above - that feature will be in the next version of SpywareBlaster.

Best regards,

-Javacool