Command line scripts

Discussion in 'WormGuard' started by Rmus, Aug 14, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    I'm still looking for the ideal way to prevent unauthorized scripts from running. While certain steps can be taken from within Windows, a product would be nice for those who don't want to tweak Windows.

    WormGuard seems to be the best that I've evaluated, but I recently discovered a weakness with respect to running from a command line.

    For instance, WormGuard blocks the attempt to run a .vbs or .reg file from a command line using this syntax:

    ------------------------------
    C:\WG\Finjan_vbs_demo.vbs

    C:\WG\demo.reg
    -------------------------------

    However, it allows the scripts to run when invoked by the particular engine:

    ---------------------------------------------
    wscript.exe C:\WG\Finjan_vbs_demo.vbs

    regedit.exe C:\WG\demo.reg
    ----------------------------------------------

    This is not very comforting, and I'm wondering if there is a setting in WG that I'm missing. I've put both .vbs and .reg in the blocked list editor.

    thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.