AnalogX Script Defender

Discussion in 'other anti-malware software' started by JerryM, Jan 19, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I have AnalogX Script Defender on my computer. I had forgotten about it. I'm not sure if it is effective or not. I do not remember it ever alerting me to anything.

    Anyone here know anything about Script Defender?

    Thanks,
    Jerry
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Well, it blocks scripts on the computer from running and it has an editable list of file extensions it can block.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Script Defender changes the default Open command of the script file type in the Registry, effectively passing the file to SD for a prompt:

    --------------------------
    [HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
    @="C:\\Program Files\\AnalogX\\Script Defender\\sdefend.exe %1 %*"
    ---------------------------

    This works for files that are launched from the hard drive:

    http://www.urs2.net/rsj/computing/imgs/vbs_1.gif

    However, web-embedded scripts are not intercepted because they are interpreted directly by the browser:

    http://www.urs2.net/rsj/computing/imgs/vbs_2.gif

    Be careful if you uninstall SD, that you remove the intercepts (registry commands) or you are left with a mess in the Registry:

    http://www.urs2.net/rsj/computing/imgs/vbs_3.gif


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I like it and use it. Both it and a similar program called Script Sentry insert themselves between the files they watch over (mostly scripts) and give you one additional chance to say NO and keep from getting infected. While Script Sentry is nice, I prefer Script Defender because you can customize what files it intercepts...

    **EDIT** Too slow................ :(
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    With the information provided here, I am not going to uninstall it. I'll leave it to do as it will. I have never had an alert, and forgot I had it on my system.

    Added.
    How would I load it up? I see the file extensions to intercept, and the capability to remove the intercepts. So maybe it is not as scary as I first thought, if I can learn how to load it. Does that mean to open it?

    Thanks,
    Jerry
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Download the GreenBorder security test (.hta file) and double-click it. If you have SD properly installed you should receive a prompt.
     
  7. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    You really don't need to "load" it per se. It is not a program that runs in the background, such as an AS or AV. It simply resets script policies in the registry. As I'm sure you've seen, when you open SD, it has two options (going from memory here, so it may not be exact): "Install Intercepts" and "Remove Intercepts." When you install the intercepts, it changes the file associations for those script files to where SD becomes the "middle man," so to speak, for running those script extensions. If you have a security program such as Winpatrol where you can view file associations, you can confirm that the script file extensions are associated with SD once you've set it to intercept the scripts. In the two years I have used SD, I have only had one prompt from the program, which was when I attempted to install a program that used scripts to install. I had to open SD, unload the intercepts, install the program, then once again click "Install Intercepts" in order to install the program. Most likely you're not going to see any prompts unless you try to open an email attachment, etc., that contains a vbs or other script that tried to run outside your browser environment. The program does really work, however, and has been around for a while. If you still have doubts, I would suggest the Greenborder test that Lucas1985 suggested.
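
The file-association check described in this post and in Rmus's post above, as an added example that is not part of the thread or of Script Defender: it reads registry text in regedit export format and reports, per script file type, whether the Open command is intercepted, goes straight to a script host, or points at a handler that no longer exists (the leftover state after an uninstall without removing the intercepts). Only the VBSFile entry comes from the thread; the other entries, the function names and the plain-string value format are assumptions.

```python
import re

# Added example. Constructed sample in regedit export format: the VBSFile
# entry is the one quoted in the thread, the other two are assumed.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
@="C:\\Program Files\\AnalogX\\Script Defender\\sdefend.exe %1 %*"
[HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command]
@="C:\\Windows\\System32\\WScript.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\Shell\Open\Command]
@="C:\\Windows\\System32\\mshta.exe \"%1\" %*"
'''

SECTION = re.compile(r'^\[HKEY_CLASSES_ROOT\\([^\\\]]+)\\Shell\\Open\\Command\]$', re.I)
DEFAULT = re.compile(r'^@="(.*)"$')
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

def parse_open_commands(reg_text):
    """Map each file type (ProgID) to its default Open command string."""
    commands, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = SECTION.match(line)
            current = m.group(1) if m else None
        elif current and (m := DEFAULT.match(line)):
            # Undo .reg escaping: \\ -> \ and \" -> "
            commands[current] = re.sub(r'\\(["\\])', r'\1', m.group(1))
    return commands

def handler_path(command):
    """Executable part of a command, quoted or (as in the thread) unquoted."""
    m = re.match(r'"([^"]+)"', command) or re.match(r'(.+?\.exe)\b', command, re.I)
    return m.group(1) if m else command

def audit(reg_text, exists):
    """Classify each Open command; exists(path) says if the handler is on disk."""
    report = {}
    for progid, command in parse_open_commands(reg_text).items():
        exe = handler_path(command)
        name = exe.rsplit("\\", 1)[-1].lower()
        if not exists(exe):
            report[progid] = "broken: handler missing"
        elif name in SCRIPT_HOSTS:
            report[progid] = "not intercepted: runs in " + name
        else:
            report[progid] = "intercepted by " + name
    return report
```

On a live system, pass `os.path.exists` as `exists` and feed in the text of an exported registry file.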
     
  8. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    I also recommend the GreenBorder test with any firewall or HIPS disabled: it shows that the MS My Documents, My Files, My Programs, etc., are severe MS vulnerabilities, along with MS Outlook, Outlook Express, etc. These should be somehow plugged with some security mechanism. As regards 98 SE with SD, GreenBorder could access only My Documents, a file which can be removed from the desktop. The cases of 2000, XP, 2003 and Vista allow GreenBorder to access far more!

    Dave
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks, All, for the help. I have a better understanding now.
    Regards,
    Jerry
     