Trying something different

Yes, you are right :slight_smile:
But if one needs wscript to launch scripts rather frequently, this is not a solution, i guess.

Yes, you’re right.

Both are good points.

What I have done to totally stop wscript.exe from running, within D+, was to go to Computer Security Policy, find explorer.exe, double-click it, click “Access Rights”, go to “Run an executable”, click the “Modify” button next to it, then add the path (browse or type the path in) to wscript.exe on the blocked side. I did not change the “Ask” setting though. When I try to run it, it brings up a “You do not have rights to access this program” message and kills it. I also added cmd.exe to the blocked list, as I was able to run wscript.exe from a .bat file, and this stops it. I will go back and set up .bat files later, but for now this stops it.

Now for the person that wants to run it sometimes, I had one D+ setup that would ask every single time if you chose not to remember it. I can’t remember offhand how I did it because I was looking for something that would kill it dead every time. I will go back and try and set that up again in D+ as that could also be a safe option for someone that is running it on purpose yet still give a prompt if they weren’t.

I have been messing with explorer.exe and Computer Security Policy mostly. Seems a lot of stuff goes thru explorer.exe. Heck, I even actually went and read some of the help files for D+. Maybe that is what they made them for. ;D

Ok, I remembered how I set up wscript to give a prompt each time. Of course I got rid of the other setup first and then added wscript.exe to Computer Security Policy as an Isolated Application. If you don’t let it remember then it will ask each time it is started.

EDIT:

  1. If you start wscript.exe from Start>Run then the program trying to open it will be explorer.exe and you will get the No Permissions popup if you block it.

  2. If you start a command prompt from Start>Run then start wscript from there then the program trying to run it will be cmd.exe and you will also get the D+ popup whether to allow or deny and if you block it you will get Access Denied in the command window without the No Permissions window popping up.

  3. If you try to start wscript from a .bat file then the program trying to open wscript will be cmd.exe. If you block this then there will be no popup telling you that you do not have permissions to run this file. Everything just closes and that’s it.

  4. If you go to the system32 folder and run wscript from there then explorer.exe will be the program trying to run it. If you block the D+ request then you do get the No Permissions popup.

jasper
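
Added example (not part of the original posts, and not Comodo's code): a simplified model of per-parent blocked lists that checks which of the four launch paths from the EDIT list a rule set stops. The paths, the chain names, and the assumption that the command prompt and the .bat file are themselves started from explorer.exe are constructed for illustration.

```python
from ntpath import basename  # Windows path rules on any platform

# Constructed launch chains, first launcher -> ... -> wscript.exe.
# Assumption: cmd.exe in cases 2 and 3 is itself started by explorer.exe.
EXPLORER = r"C:\WINDOWS\explorer.exe"
CMD = r"C:\WINDOWS\system32\cmd.exe"
WSCRIPT = r"C:\WINDOWS\system32\wscript.exe"

CHAINS = {
    "1 Start>Run wscript": [EXPLORER, WSCRIPT],
    "2 cmd prompt then wscript": [EXPLORER, CMD, WSCRIPT],
    "3 .bat file": [EXPLORER, CMD, WSCRIPT],
    "4 system32 folder": [EXPLORER, WSCRIPT],
}

# Modelled policy: parent image name -> set of child image names it may not run.
POLICY_WSCRIPT_ONLY = {"explorer.exe": {"wscript.exe"}}
POLICY_WITH_CMD = {"explorer.exe": {"wscript.exe", "cmd.exe"}}


def norm(path):
    """Compare by lower-cased file name, since Windows paths are case-insensitive."""
    return basename(path).lower()


def first_block(policy, chain):
    """Return the (parent, child) hop where a blocked-list entry stops the chain, or None."""
    for parent, child in zip(chain, chain[1:]):
        if norm(child) in policy.get(norm(parent), set()):
            return (norm(parent), norm(child))
    return None


def coverage(policy):
    """Map every launch path to the hop that blocks it (None = no block rule applies)."""
    return {name: first_block(policy, chain) for name, chain in CHAINS.items()}


def uncovered(policy):
    """Launch paths that reach wscript.exe without hitting a blocked-list entry."""
    return sorted(name for name, hit in coverage(policy).items() if hit is None)


if __name__ == "__main__":
    for label, policy in (("wscript only", POLICY_WSCRIPT_ONLY),
                          ("wscript + cmd", POLICY_WITH_CMD)):
        print(label, "-> not covered:", uncovered(policy))
```

In this model a path with no matching block entry is only "not covered": whether D+ then asks or allows depends on the rest of the policy.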

You know I got to thinking (scary, huh?), if I approve\block a program to run then where does it go? What does D+ do with the programs after you approve or block it if you remember the decision? How do you find them?

If you read the popup alert look at the first program in the alert and this is the program that is trying to run the second program. So what a person is doing is allowing the first program to open the second program if you approve it. Now if you remember the approval by checking Remember on the alert then the second program will be listed on the Allowed list of the first program listed in Computer Security Policy. If you approve the request and check Remember then you have allowed the first program to always open the second program without asking you.

If you Block the program from running and do not check Remember then it will ask each time whether you want to run it or not.

After I read my previous post in this space, I have deleted the other comments I made as it was a bad and incorrect example. I was trying to be too general and it simply was not correct.

jasper

Let me put it in this way (you guys said as much, but i’ll just say it again):

-If you never or rarely use cmd or wscript, just disable it / block it permanently.
-If you use them regularly, you can’t honestly set D+ to ask every single time it is run. Unusable imo.
-Script blockers are incomplete - afaik, mainly the problem is if you run in cmd “wscript.exe scripttest.vbs”, no script blocker will intercept. If you run just the scripttest.vbs, they will block it. If you open a .doc with scripts, WG/RG/Script Sentry can block it.
I liked SS a lot, simple messages (‘this file may execute a program’ for instance) and it can prompt for every script, whether it found something suspicious or not (you can change that to warn only if suspicious). It’s a keeper for me, has a problem with the uninstaller but you can use an uninstaller that monitors installs to remove it completely.
-I believe D+ monitors what wscript.exe/word.exe (with macros) does by interpreting the script. Is it as complete, i got no clue.
-My computer seems to be dragging :confused: , i may need to delete the xp partition to make room ;D

-If you never or rarely use cmd or wscript, just disable it / block it permanently.

-If you use them regularly, you can’t honestly set D+ to ask every single time it is run. Unusable imo.

I am glad you are choosing to participate Pedro as you always seem to view things in multiple ways and usually bring up valid points and it seems you have tried every single piece of software in the world. Where do you find the time? ;D

In this quote you are right on both points. But you could also add a third way, which is what Ragwing suggested and that was by trusting it and letting D+ tell you if it suspects something, that is another way to do it. The second part of your quote is also valid and I only was trying to see that if a person always wanted to know when it was running then they could very easily do that in D+. I agree with you in that that would be popup fatigue if you used it very often. But let’s say you never use it, then this would be a flag to tell a person that, hey, why is that running when it shouldn’t be?

The first method I gave was to totally disable it. And the reason I gave that method was that the way Ragwing said it could be done would be just fine for the person that has that knowledge (changing files in system32 folder). And some people that are new to this stuff might be brave enough to give it a try. But, would I suggest that to my dad or grandfather? No. Hence let’s see if it can be done real simple in D+.

-My computer seems to be dragging :/ , i may need to delete the xp partition to make room ;D

Been there, wanted to do that, too.

later

jasper

I used to have more time :frowning:

Sure, but if you use it rarely, why not just block it?
If CFP had a way to choose “execution rights” for each process (default being normal functioning), like 3 “modes” (i posted this in another thread), it would gain great flexibility for this:
-one that asks for the password in order to execute the program (you double click the file and CFP prompts for the password);
-another one that simply blocks it if CFP is locked (when we need to enter the password to enter the GUI), and allows it if CFP is unlocked, or not password protected;
-the last one is, obviously, not locked, rules are simply applied (and these either permanently allow or deny for everyone). This would be the default.

Of course, if one needs to use scripts a lot, it’s probably just allowed. But lots of people would gain from this, me included! (password protect IE, cmd, wscript, etc.)

I think you can even uninstall WSH, but i’m not sure. Yes, if you don’t have any use for it, ever, disable it.

How can this be done for a specific file with the help of D+ only? Password protection in D+ is a global feature, as far as I know. Am I missing something?

I say if:

:slight_smile:
But it’s for another thread.

Sorry, I missed that.

No need to apologize :slight_smile: