Getting control of VBS

By default I would like to block execution of .vbs files and follow that up with a list of exceptions.

I started by creating a group called VBS Software and then blocking all the software in that group which matches *.vbs. I then created a group called “My Trusted Apps” in the Defense+ Rules and populated it with specific files like MSMPEng.vbs.

In checking the logs it looks like at least some of these exception files are still getting blocked. Is there a better way to accomplish what I’m trying to do?

Can you see if moving the Group My Trusted Apps to the very top of the list does the job or not?

That is in fact where it is.

I can’t think of anything other than making a list with blocked scripts rather than allowed scripts. But that may not be what you are looking for.

Other than that with default settings you will be notified for script with Do heuristic command-line analysis for certain applications:

Selecting this option instructs Comodo Internet Security to perform heuristic analysis of programs that are capable of executing code such as visual basic scripts and java applications. Example programs that are affected by enabling this option are wscript.exe, cmd.exe, java.exe and javaw.exe. For example, the program wscipt.exe can be made to execute visual basic scripts (.vbs file extension) via a command similar to “wscipt.exe c:\tests\test.vbs”. If this option is selected, CIS detects c:\tests\test.vbs from the command line and applies all security checks based on this file. If test.vbs attempts to connect to the internet, for example, the alert will state ‘c:\tests\test.vbs’ is attempting to connect to the internet (Default=Enabled).

Yes… I’d rather have a fail safe solution, permitting only on exception.

I asked the mods to come and take a look.