|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: REAVA, JEFFREY [IT/0200] (jeffrey.reava_at_pharmacia.com)
Date: Mon Oct 07 2002 - 12:02:57 CDT
Would it make sense to change the default association with *.vbs files so
that you can logically filter which scripts are allowed to run?
Replace the original association in the registry with this:
HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command
C:\WINNT\System32\WScript.exe C:\WINNT\System32\wshcheck.vbs "%1" %*
where wshcheck.vbs first opens the vbs file, checks for the string
"ApprovedByRubio" on the top line. If it isn't there, warn the user that an
unsigned script attempted to execute, call the help desk, etc.
HTH,
Jeff
-----Original Message-----
From: jtnim
hotmail.com [mailto:jtnimhotmail.com]
Sent: Monday, October 07, 2002 2:36 AM
To: focus-mssecurityfocus.com
Subject: Can I delete Wscript.exe?
One way to guard against script viruses and worms is obviously to delete
Wscript.exe entirely. What I'd like to know is how does this affect the
system (W2k)? Do I loose features that I might need? Also, I'm not exactly
sure whether IE and Outlook Express use Wscript.exe to run scripts, so any
info on that would be appreciated. Good links will do!
Thanks!
-- Rubio
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]