By default I would like to block execution of .vbs files and follow that up with a list of exceptions.
I started by creating a group called VBS Software and then blocking all the software in that group which matches *.vbs. I then created a group called “My Trusted Apps” in the Defense+ Rules and populated it with specific files like MSMPEng.vbs.
In checking the logs it looks like at least some of these exception files are still getting blocked. Is there a better way to accomplish what I’m trying to do?
Selecting this option instructs Comodo Internet Security to perform heuristic analysis of programs that are capable of executing code such as visual basic scripts and java applications. Example programs that are affected by enabling this option are wscript.exe, cmd.exe, java.exe and javaw.exe. For example, the program wscipt.exe can be made to execute visual basic scripts (.vbs file extension) via a command similar to “wscipt.exe c:\tests\test.vbs”. If this option is selected, CIS detects c:\tests\test.vbs from the command line and applies all security checks based on this file. If test.vbs attempts to connect to the internet, for example, the alert will state ‘c:\tests\test.vbs’ is attempting to connect to the internet (Default=Enabled).