I am running vbscripts embedded in .hta files and these scripts are not under whitelist.
These scripts are allowed to run on solidified system and I am not seeing any access denied errors generated for these vbscripts.
Why hta files are not blocked by McAfee Application Control ?
Will need to understand the process tree context then.
For example is the cscript engine still invoked to execute the embedded vbscripts?
In which case, you can add .hta extension to the existing vbscript scripts rule.
Or you can choose to whitelist all .hta files wrt mshta.exe interpreter.