HTAstop2003 and WormGuard hidden exclude list?

Discussion in 'WormGuard' started by Devinco, Aug 9, 2004.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Everyone,

    As you know, HTAstop2003 replaces mshta.exe with notepad to disable execution of hypertext applications. This also causes (at least on WinXP) the side effect of not being able to run the control panel applets: Add or Remove Programs and User Accounts (both HTA).

    WormGuard by default has .HTA listed in the blocked filetypes and yet one is still able to execute these HTA control panel applets. The allowed list editor is empty. Why are the HTA control panel applets allowed to run? Is there a hidden "exclude list" that lets you run specific files that have their extension blocked?
    Can this list be modified? Are items on this hidden "exclude list" still checked by WG for worm activity? (items on the allowed list are not checked)

    Also, do you think it is unnecessary to have both HTAstop2003 and WormGuard (only considering HTA)? WormGuard blocks HTA from executing (except those Control Panel applets, which is good) and HTAstop2003 removes the ability to execute HTA. (I understand that WG is much more capable)
     
    Last edited: Aug 9, 2004
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I removed HTAstop2003 a long time ago and my system was happier.
    You can edit the blocked list and add more file types (left panel) and filenames (right panel).
    WormGuard does bunches more than only looking into HTA files and worms. How about scripts, suspicious files, macros, the ability to look into file sources in a safe way, etc?

    https://www.wilderssecurity.com/showthread.php?t=16419
    The discussion in this thread and the link to another one with update suggestions might be very helpful too, btw.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Jooske,

    Thanks for your reply and the links. Before my first post, I read EVERY WormGuard post to make certain this wasn't covered elsewhere (I also read through the help file).
    I am a registered customer and happy with the product (of course eagerly awaiting the new version). :) I understand WormGuard is technically superior to HTAstop2003 in every way. I will clarify. There is an interesting behavior of WG: the ability to execute the HTA control panel applets (Add Remove Programs and User Accounts) even though HTA is on the Blocked File Types list (and the allowed files list is empty). This behavior leads me to ask these questions:

    1. Are these two HTA control panel applets scanned by WG prior to executing?

    2. If yes, is this "hidden list" of allowed but scanned files editable?

    This would allow current WG users to have a little more control to have an "allow but scan" list for blocked file types.
     
    Last edited: Aug 9, 2004