logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

CB Protection:Is it possible to block wscript from running .vbs scripts?

CB Protection:Is it possible to block wscript from running .vbs scripts?

Environment

  • CB Protection Server: All versions
  • CB Protection Agents: All versions

Objective

Is it possible to block wscript from running .vbs scripts?

Resolution

Yes, if the environment is configured to find .vbs files interesting.

Additional Notes

  • .vbs files themselves are only interesting because one can enable a Visual Basic script rule to enable tracking of those. However a tool like wscript.exe doesn't care when the filename is called when you run it. If wscript.exe is approved on an endpoint, it can run any file, with any extension (or no extension). It's just a script processor. 
  • Choose to create a reporting rule to track any wscript.exe executions in order to review for malicious behavior, or simply block wscript.exe in the environment, and then create allow rules where needed for the tool to run in specific instances. Otherwise, wscript has no restrictions on what is run as long as wscript.exe is approved.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎09-09-2020
Views:
996
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.