Hi,
I have a custom application which use java.exe in its installation directory to call wscript.exe. WScript.exe by default is blocked by another policy in our enviornment. How do i exclude/whitelist our custom application and specifically java.exe in our custom application to run Wscript.exe?
Thank you
Hi @Woodchipper
Thank you for your post here! Looking at your description, I am going to go out on a limb and say this is one of the "McAfee defined" Access protection rule that is preventing you from using script process (Wscript.exe or Cscript.exe).
If this is the case, I am afraid we cannot exclude a process under this rule since the processes on which the rule applies are cscript and wscript.exe.
May I please confirm with you the rule in place that is actually performing this block?
Hi @AdithyanT
Can it not be possible to copy the defined rule, modify it as needed and disable the McAfee defined rule? Even if its McAfee defined, can it not be possible to run Wscript if called by a trusted source?
Hi @Woodchipper ,
Thank you for your response. That is a very valid suggestion and I am sure that can be put forth as a PER.
Just for confirmation, Can you please confirm that we are discussing about the rule: "Block scripts ran from common user folders" under Access Protection policy?
Hi @Woodchipper
If the above is the case, here is a very useful thread where, @jess_arman has shared a very useful customized policy that contains the rule custom made so that we can exclude as required.
Rather than copy pasting his response, this thread would be extremely useful in understanding the policy and how we can implement it. I very recently used this one, customized a little bit and it worked perfectly fine in exclusion of script calls from certain user temp location. I would recommend going through this. thread. I sincerely hope this helps.
Can we get the log entry details that shows the block?
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA