AnalogX Script Defender

Discussion in 'other anti-malware software' started by JerryM, Jan 19, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I have AnalogX Script Defender on my computer. I had forgotten about it. I'm not sure if it is effective or not. I don not remember it ever alerting me to anything.

    Anyone here know anything about Script Defender?

    Thanks,
    Jerry
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    well it blocks scripts on the computer from running and it has a editable list of file extensions it can block.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Script Defender changes the default Open command of the script file type in the Registry, effectively passing the file to SD for a prompt:

    --------------------------
    [HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
    @="C:\\Program Files\\AnalogX\\Script Defender\\sdefend.exe %1 %*"
    ---------------------------

    This works for files that are launched from the hard drive:

    http://www.urs2.net/rsj/computing/imgs/vbs_1.gif

    However, web-embedded scripts are not intercepted because they are interpreted directly by the browser:

    http://www.urs2.net/rsj/computing/imgs/vbs_2.gif

    Be careful if you uninstall SD, that you remove the intercepts (registry commands) or you are left with a mess in the Registry:

    http://www.urs2.net/rsj/computing/imgs/vbs_3.gif


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  4. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I like it and use it. Both it and a similar program called Script Sentry insert themselves between the files they watch over (mostly scripts) and give you one additional chance to say NO and keep from getting infected. While Script Sentry is nice, I prefer Script Defender because you can customize what files it intercepts...

    **EDIT** Too slow................ :(
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    With the information provided here, I am not going to uninstall it. I'll leave it to do as it will. I have never had an alert, and forgot I had it on my system.

    Added.
    How would I load it up? I see the file extensions to intercept, and the capability to remove the intercepts. So maybe it is not as scary as I first thought, if I can learn how to load it. Does that mean to open it?

    Thanks,
    Jerry
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Download the GreenBorder security test (.hta file) and double-click it. If you have SD properly installed you should receive a prompt.
     
  7. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    You really don't need to "load" it per se. It is not a program that runs in the background, such as an AS or AV. It simply resets script policies in the registry. As I'm sure you've seen, when you open SD, it has two options (going from memory here, so it may not be exact): "Install Intercepts" and "Remove Intercepts." When you install the intercepts, it changes the file associations for those script files to where SD becomes the "middle man," so to speak, for running those script extensions. If you have a security program such as Winpatrol where you can view file associations, you can confirm that the script file extensions are associated with SD once you've set it to intercept the scripts. In the two years I have used SD, I have only had one prompt from the program, which was when I attempted to install a program that used scripts to install. I had to open SD, unload the intercepts, install the program, then once again click "Install Intercepts" in order to install the program. Most likely you're not going to see any prompts unless you try to open an email attachment, etc that contains a vbs or other script that tried to run outside your browser environment. The program does really work, however, and has been around for awhile. If you still have doubts, I would suggest the Greenborder test that Lucas1985 suggested.
     
  8. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    I also recommend the GreenBorder test with any firewall or HIPS disabled: it shows that the MS My Documents, My Files, My Programs, etc, are severe MS vulnerabilties, along with MS Outlook, Outlook Express, etc. These should be somehow plugged with some security mechanism. As regards 98 SE with SD, GreenBorder could access only My Documents, a file which can be removed from the desktop. The cases of 2000, XP, 2003 and Vista, allow GreenBorder to access far more!

    Dave
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks, All, for the help. I have a better understanding now.
    Regards,
    Jerry
     
Loading...
Similar Threads
  1. drhu22
    Replies:
    1
    Views:
    484
Thread Status:
Not open for further replies.