cancel
Showing results for 
Search instead for 
Did you mean: 
sagarmc004
Level 7

HTML applications not blocked by SolidCore

I am running vbscripts embedded in .hta files and these scripts are not under whitelist.

These scripts are allowed to run on solidified system and I am not seeing any access denied errors generated for these vbscripts.

Why hta files are not blocked by McAfee Application Control ?

0 Kudos
6 Replies
SafeBoot
Level 21

Re: HTML applications not blocked by SolidCore

I think the simple answer, is because they are not executables - they are "macros" running under mshta.exe.

0 Kudos
neelima
Level 12

Re: HTML applications not blocked by SolidCore

Security Geek,

The scripts are whitelisted with respect to cscript and wscript engines.

Do you know which interpreter is executing these .hta files?

0 Kudos
SafeBoot
Level 21

Re: HTML applications not blocked by SolidCore

mshta.exe runs .hta files...

0 Kudos
neelima
Level 12

Re: HTML applications not blocked by SolidCore

Will need to understand the process tree context then.

For example is the cscript engine still invoked to execute the embedded vbscripts?

In which case, you can add .hta extension to the existing vbscript scripts rule.


Or you can choose to whitelist all .hta files wrt mshta.exe interpreter.

0 Kudos
neelima
Level 12

Re: HTML applications not blocked by SolidCore

Security geek,

You can get this data by running procmon when you lauch the .hta file.

If you need further help, contact support and they can help you with the steps.

0 Kudos
sagarmc004
Level 7

Re: HTML applications not blocked by SolidCore

I got the answer I was searching for.

Thank you guys.

0 Kudos