I am running vbscripts embedded in .hta files and these scripts are not under whitelist.
These scripts are allowed to run on solidified system and I am not seeing any access denied errors generated for these vbscripts.
Why hta files are not blocked by McAfee Application Control ?
The scripts are whitelisted with respect to cscript and wscript engines.
Do you know which interpreter is executing these .hta files?
Will need to understand the process tree context then.
For example is the cscript engine still invoked to execute the embedded vbscripts?
In which case, you can add .hta extension to the existing vbscript scripts rule.
Or you can choose to whitelist all .hta files wrt mshta.exe interpreter.
You can get this data by running procmon when you lauch the .hta file.
If you need further help, contact support and they can help you with the steps.