Script Defender .....?

Discussion in 'other software & services' started by dja2k, Oct 14, 2005.

Thread Status:
Not open for further replies.
  1. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I needed to know which of these recommended files to protect with Script Defender are Windows script files that are already protected with RegRun Gold 4.10, because if I do ever run one, I get one popup from RegRun, then another from Script Defender, and it becomes annoying.

    .OCX,.COM,.SYS,.DLL,.CMD,.MSC,.EML,.JS,.JSE,.PIF,.MSG,.INS,.ISP,
    .CRT,.LNK,.SCT,.WSC,.VBS,.VBE,.WSF,.WSH,.SHS,.SHB

    I already took some off that were in the complete recommended list that is around this forum, like the .bat, html, hta, and .reg, since RegRun Gold 4.10 covers them.

    I am also curious about the .sys and .dll since they do have to run at some point or be read; is it safe to have them in the list?

    Thanks,
    dja2k
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    .OCX, .COM, .SYS, .DLL are executables and wouldn't be flagged by a script watcher.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I was curious about RegRun and decided to check it out - very impressive:

    --------------------
    Analyze script files (VBS, JS), Microsoft Office files, registry files or HTML files before execution. It will warn you of suspicious or dangerous scripts, and offer the option of preventing execution. Sophisticated, and unlike most "script blocker" tools, RunGuard works at the .dll level - assuring that it works even if the script is initiated by a false extension, or has been hidden within an email or web page.
    ------------------

    So, I'm wondering why you need Script Defender, since all it does is modify the script filetypes in the Registry to point to SD which flags the alert when a filetype is run. I tested it a while back - here is one example:

    --------------------------
    [HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
    @="C:\\Program Files\\AnalogX\\Script Defender\\sdefend.exe %1 %*"
    ---------------------------

    So, you are bound to get double alerts in many cases, and your RegRun is certainly a much more powerful program, since SD does no analyzing.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
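
Added example (not part of the original thread, and not code from AnalogX or RegRun): a way to list which extensions still have their `Shell\Open\Command` pointed at `sdefend.exe`, working from the text of a `.reg` export. The sample export is constructed, apart from the VBSFile command quoted in the post above; the function names are illustrative.

```python
import ntpath
import re

# Constructed sample in .reg export text format. The VBSFile command is the
# one quoted in the post above; the other entries are made up for the demo.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.vbs]
@="VBSFile"
[HKEY_CLASSES_ROOT\.js]
@="JSFile"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
@="C:\\Program Files\\AnalogX\\Script Defender\\sdefend.exe %1 %*"

[HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command]
@="C:\\WINDOWS\\System32\\WScript.exe \"%1\" %*"
'''

def handler_exe(command):
    """Return the program part of an open command, quoted or unquoted."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', command, re.I)
    return m.group(1) if m else command.split(' ', 1)[0]

def open_commands(reg_text):
    """Map each file extension to (ProgID, handler program) from a .reg export."""
    ext_to_progid, progid_to_exe, key = {}, {}, ''
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].split('\\', 1)[-1]        # drop the hive name
        elif line.startswith('@="') and line.endswith('"'):
            value = re.sub(r'\\(.)', r'\1', line[3:-1])  # undo .reg escaping
            if key.startswith('.') and '\\' not in key:
                ext_to_progid[key.lower()] = value       # .vbs -> VBSFile
            elif key.lower().endswith('\\shell\\open\\command'):
                progid_to_exe[key.split('\\', 1)[0].lower()] = handler_exe(value)
    return {ext: (pid, progid_to_exe.get(pid.lower()))
            for ext, pid in ext_to_progid.items()}

def intercepted(reg_text, interceptor='sdefend.exe'):
    """Extensions whose open verb still points at the interceptor program."""
    return sorted(ext for ext, (_, exe) in open_commands(reg_text).items()
                  if exe and ntpath.basename(exe).lower() == interceptor)

if __name__ == '__main__':
    print(intercepted(SAMPLE_REG))
```

Any extension this reports will fail to open once `sdefend.exe` is gone, unless its open command is restored first.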
     
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    .OCX,.COM,.SYS,.DLL,.CMD,.EML,.JS,.JSE,.PIF,.MSG,.INS,.ISP,.CRT,.LNK,.SCT,.WSC,
    .VBE,.WSF,.WSH,.SHS,.SHB

    I know what you mean of why having Script Defender, but now that I added it, I can't just remove it without referring to XP File Association Fixes for each, and they don't all exist. If I don't do that, the file just won't run and gives me an error that it can't find it; I am thinking it can't find Script Defender since it is the referring program associated with that file. Only ones I have removed are the ones here ---> http://www.dougknox.com/xp/file_assoc.htm .


    dja2k
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    If you follow the uninstall procedure correctly, it will restore the default Shell\Open\Command settings for all of the file types it changed. From the info file:

    -------------------------------------------------
    If you do decide to uninstall SDefender for some reason, make *SURE* to load
    it up and choose 'Remove Intercepts' before running the uninstaller - this is
    the only way for it to restore your system to the state it was before you
    installed it.
    -------------------------------------------------

    This and some similar programs were discussed Here


    -rich
    ________________
    ~~Be ALERT!!! ~~


     
  6. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Yeah, I have followed that but it doesn't work on my system; something doesn't uninstall correctly. Maybe all the reverts to early dates and stuff I have done messed it up. Anyways, it's cool for now.

    dja2k
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    Can anyone help me find the association fixes for the rest of these...

    .OCX,.SYS,.DLL,.CHM,.CMD,.EML,.JS,.JSE,.PIF,.MSG,.INS,.ISP,.CRT,.SCT,.VBE,.WSF,
    .WSH,.SHS,.SHB

    Haven't tried to find them individually, but maybe you all know a website for all of them; if not, I will find them one by one if they exist.

    I need to remove script defender and need to make them normally handled.

    dja2k
     