I've downloaded and installed WG. Other than opening the program and clicking "test", HOW do you know it's running? There is nothing in the task bar area and I can see nothing when I pull up Task Manager... Shouldn't it have some sort of process running?
f_disk, grab a text editor, type some randomly chosen words, save the file as for example "testing.vbs", and execute the file. WG should jump right at it. regards. paul
Paul, I did that... The double extension test worked fine... WG caught it. Using Notepad, doing save as any file type and naming it text.vbs gave me some sort of compilation error... WG didn't catch it. See my screen shot here towards the bottom... http://www.dslreports.com/forum/remark,4952649~root=security,1~mode=flat Why isn't my whole link highlighted as html? It is now.
Do you have the Windows Scripting Host still installed? (You can, no problems with that, on the contrary!) Open Notepad, and type this:
    Msgbox "This is a VBS script running"
Now save as test.vbs and click the thing; you can expect a messagebox popping up telling "this is a VBS script running". Now save again as test.vbs.vbs or any double extension you like. Now click it again. WG should jump in with a warning message about at least the double extension. Have a try with some terrible text in it and see if WG does like to allow you to delete or modify or infect files and install viruses, whatever kind of text you type there. If you did edit or see in the default several files to be blocked like funlove and goner and such in WG you can expect some warnings when you put such names in your test file. You won't see processes running as WG runs all silently in the background, not costing any resources, but jumping up the moment needed.
f_disk Your link isn't showing up because you didn't use URL tags: ... Seems like you saved the file as a .txt file; pick "all files" instead. After doing so, this warning pops up (see attached screen shot): regards. paul
Paul, I did not save it as a .txt file. See the screenshot above... it is named test.vbs. Jooske, I'll try that.
Jooske, I used your example and it worked exactly like you said... I got the message "This is a vbs script running"... then renamed it to a double extension and WG caught it and popped up. I then opened it and edited it to just have garbage characters in it: dfjkdjfdjfkjiejei (NOTE I DID NOT PUT MSGBOX or ANY QUOTES), did save as any file type, test.vbs. And I got the error in my screenshot above...
Windows is so very nice, eh? I saved it on my desktop, so always at hand to play around with it. This is the content of my test.vbs at the moment (just drag it to an open notepad to change and save again is the easiest):
    Msgbox "This is a VBS script running"
    dfjkdjfdjfkjiejei
    goner.scr
With this it opens the messagebox, after clicking the OK I get an error message for wrong type on that line of yours, if between " " I get an error expecting some action, give the goner a double extension and you will get an error on that, etc. Anyway, you know now your scripting host and wormguard are working fine and windows with all those error messages. (wished windows would give help suggestions how to correct the things)
I thought it was supposed to intercept ALL .vbs extensions! This IS NOT the case, since in the screenshot above, Windows let it run. Right / Wrong Thanks.
There was not any reason for WG to grab the "garbadge.vbs" as there was no executable thing to do, just a word to be displayed in a messagebox. I copied some script part in it and immediately got warnings. I don't know enough of VBS to make it a jukebox telling it to start playing a file on my system, while in TDS scripting part I can.
If you tell WG to block the vbs scripts too, just add it to the file extensions to be blocked in the left panel. See what happens if you put exe and other frequent extensions there too, I don't think you will like that.
Hhmm. I tried this as well as the other variations and nothing happened. I don't mean that WG4 did nothing, I mean the VBS file doesn't do anything. I right click on properties and windows IDs it as a VBS file but nothing happens. I am assuming this is a good thing rather than a bad thing. I know I have trimmed my services back, is it possible I disabled a service that prevents this from working? Any reason why this would be a bad thing? Specs Wk2 Sp3 P4 1.5ghz Intel 850GB NOD32/WG4/TDS-3/Spyblaster running
Hi Luthorcrow, I'm wondering if by this statement you mean that Visual Basic Scripting is disabled on your system? I created the image below to show how VBS looks and works on my Windows XP system. First, notice in Windows Explorer that the file "test.vbs" has a special script icon, and that Windows identifies its filetype as a "VBScript Script File". Does yours show this or does it show the filetype as "VBS File"? (If it's "VBS File" it means the association of the file extension ".vbs" is not with Windows Scripting Host facility.) Also, in the Notepad window, notice the single vbs script command line - a msgbox like in one of Jooske's examples. When I run this (by double clicking test.vbs, or by right-clicking it and selecting "open", the default action), I get the pop-up window. Can you try this and see if that is what you get? If VBS does not run at all on your system, you are right, it is a good thing, or at least it might be. If you don't need to run VBS for any specific purpose on your system, having it disabled is good for your overall security. (I leave it enabled on my system because I sometimes write simple scripts to automate some functions on my PC.) As for WG "catching it", I think the point above was that it could catch it if it was set to always block .vbs file execution. And, also it seems that if harmful actions/functions were coded in a vbs script, those too would be blocked by Wormguard. Obviously, a message box is not harmful. Thoughts? LowWaterMark
Did as you directed and it appears that I must have disabled visual basic on my system. It's possible that I did it during one of the many security tutorials I have tried (ex: Techspot Guide and Tweaks). I am kicking myself because my mental audit is drawing a blank on this, but it explains why my wife's Sim Mod programs no longer work (almost all of them need visual basic to run). Too bad, because it hasn't caused me any pain otherwise. I guess I am off to Google to figure out how to undo what I have done.
Hi Luthorcrow: First I will be posting some pics, so need to have 3 posts as no facility to post multiple in this forum. Now I do not know if this is the problem, but do you have Scripting in IE/options in Security marked disable? I don't know if this would be the trouble or not. See pic. Then I will describe in next posts about WG role and VBS.
OK. I presume you DO HAVE .vbs in the "Blocked Editor's List" in WG. If NOT, there is no way WG will react to a non-malicious execution of a VBS file, as it has not been told to block ALL vbs executions. If that has been added, and you try to execute a "test.vbs", then WG *should* issue a warning like my pic [forget the wording, I play around with the message boxes for my daughters to read, lol] What you put in the actual file, does not matter. I usually just put the word "test". DOES NOT MATTER. Here is pic of warning.
Wormguard 3 only picks up VBS files which are "violent" in nature or trigger off a detection routine. For example just displaying a messagebox won't make Wormguard 3 say "do you want to run this VBS file" because there is nothing harmful in it. As the others have said you can make it block all VBS files if that's what you want to do and it will pop up on each VBS file. Hope that clears up some confusion. -Jason-
OK, I disabled WG [uninstalled the protection, not the program] and here is what I get now. It's an error message, because the CODE [the word "test"] does NOT mean anything, therefore it cannot actually run. Unlike LowWaterMark's posts, he actually put in correct coding.
Hi Jason. Enjoy your break. Yes, Luthor seems to not even have VBS enabled on his system at all, not just for WG, but in general I gather. He could not display any message at all [presuming he added .vbs in the Blocked Editor's List].
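Added example, not part of any post above and not WormGuard's own code: a small Python model of the three warning triggers the thread describes (double extension, an extension the user has put on the blocked list, and content naming a watched file), showing why a plain test.vbs with a message box or garbage text produces no warning. The function name, the sample files and the exact matching rules are assumptions made for illustration.

```python
"""Toy model of the three warning triggers described in this thread.
Added illustration only: not WormGuard's code, and the rule details are assumptions."""
from pathlib import PurePath

# Assumption: the thread only says names "like funlove and goner" are on the default list.
WATCHED_NAMES = ("funlove", "goner")


def check_script(filename, content, blocked_extensions=()):
    """Return the reasons a guard of this kind would warn; an empty list means it stays silent."""
    reasons = []
    suffixes = [s.lower() for s in PurePath(filename).suffixes]

    # 1. Double extension (test.vbs.vbs, notes.txt.vbs): warn regardless of content.
    if len(suffixes) >= 2:
        reasons.append("double extension " + "".join(suffixes[-2:]))

    # 2. Extension on the user's blocked list: warn on every such file, whatever it contains.
    blocked = {"." + ext.lower().lstrip(".") for ext in blocked_extensions}
    if suffixes and suffixes[-1] in blocked:
        reasons.append("blocked extension " + suffixes[-1])

    # 3. Content that names a watched file.
    lowered = content.lower()
    reasons += ["content mentions " + n for n in WATCHED_NAMES if n in lowered]
    return reasons


# Constructed test files modelled on the ones posted in the thread.
MSGBOX = 'Msgbox "This is a VBS script running"'
SAMPLES = [
    ("test.vbs", MSGBOX, ()),                      # harmless message box
    ("test.vbs.vbs", MSGBOX, ()),                  # same script, double extension
    ("test.vbs", "dfjkdjfdjfkjiejei", ()),         # garbage: script host errors, guard silent
    ("test.vbs", "test", ("vbs",)),                # .vbs added to the blocked list
    ("test.vbs", MSGBOX + "\ngoner.scr", ()),      # content names a watched file
]


def run_samples():
    return [check_script(name, body, blocked) for name, body, blocked in SAMPLES]


if __name__ == "__main__":
    for (name, _, blocked), reasons in zip(SAMPLES, run_samples()):
        print(name, list(blocked), "->", reasons or "no warning")
```

The third sample is the case that caused the confusion: the error dialog comes from the Windows script host failing to run the text, while the guard has no rule that matches it.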