Command line scripts

Discussion in 'WormGuard' started by Rmus, Aug 14, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I'm still looking for the ideal way to prevent unauthorized scripts from running. While certain steps can be taken from within Windows, a product would be nice for those who don't want to tweak Windows.

    WormGuard seems to be the best that I've evaluated, but I recently discovered a weakness with respect to running from a command line.

    For instance, WormGuard blocks the attempt to run a .vbs or .reg file from a command line using this syntax:

    ------------------------------
    C:\WG\Finjan_vbs_demo.vbs

    C:\WG\demo.reg
    -------------------------------

    However, it allows the scripts to run when invoked by the particular engine:

    ---------------------------------------------
    wscript.exe C:\WG\Finjan_vbs_demo.vbs

    regedit.exe C:\WG\demo.reg
    ----------------------------------------------

    This is not very comforting, and I'm wondering if there is a setting in WG that I'm missing. I've put both .vbs and .reg in the blocked list editor.

    thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
Thread Status:
Not open for further replies.