cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
um_idk
Level 7
Report Inappropriate Content
Message 11 of 12

Re: How to make an exception for *.vbs files

Hi HBSS_Admin,

You can utilize HIPS in lieu of this specific VSE Access Protection rule by enabling IPS rule 3893 (Access Protection - Prevent execution of scripts from the Temp folder).  This will enable you to create a more specific (IPS) exception while maintaining a higher level of security than VSE would offer by excluding cscript in its entirety.

Sincerely,

umk_idk

newbernd
Level 7
Report Inappropriate Content
Message 12 of 12

Re: How to make an exception for *.vbs files

I would also like to see the exclusion filters apply to the Threat Target File Path field.  This seems like the most obvious way to combat the problem. 

The suggestions to use high/low risk processes rules unfortunately have no bearing on the Access Control policies. 

While HIPS policies may give you finer control here, HIPS is a complicated beast to deploy. This should be a simple thing.  If you have a rule that is described as "controlling scripts" in the temp folder, and you have a provision for exclusions, then the exclusion should at least apply to the script name and not the interpeter.  This is a good idea but unfortunately the implementation renders useless.

Message was edited by: newbernd on 4/16/13 9:09:22 AM CDT
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community