5 Replies Latest reply on Jan 6, 2010 10:41 AM by nashcoop

    WScript.exe blocked from reading index.dat detections

    nashcoop

      Since late last week I began receiving detections like the one below from dozens of systems running VScan 8.7, Patch 2, running the ePO agent 4.0.0.1494, and being managed by ePO 3.6.1.255. I am the only person who manages ePO, and made no changes to the access protection settings, and don't understand how WScript.exe would even be related to the index.dat file since it only holds URL browsing information.  At first I assumed it was a false positive detection that would be resolved with a DAT the following day.  But a week later and I'm still getting buried with this detection.  I do not want to create an exclusion for WScript, or disable the setting until I know more about why this detection is being triggered.

      Has anyone else seen/experienced similar detections over the past week, or have any idea why WScript would be trying to read the index.dat file?

      12/29/2009 11:15:44 AM Would be blocked by Access Protection rule  (rule is currently not enforced)  C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\*****\Local Settings\Temporary Internet Files\Content.IE5\index.dat Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read
      12/30/2009 11:17:14 AM Would be blocked by Access Protection rule  (rule is currently not enforced)  C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\*****\Local Settings\Temporary Internet Files\Content.IE5\index.dat Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read
      12/31/2009 10:58:35 AM Would be blocked by Access Protection rule  (rule is currently not enforced)  C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\*****\Local Settings\Temporary Internet Files\Content.IE5\index.dat Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read
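
An added example, not part of the original post: a small Python parser for the Access Protection log lines quoted above. It groups them by process, target file, rule and action to show how often the event recurs, whether the rule was actually enforced, and how tightly the events cluster by time of day. The field layout is inferred from the three quoted lines only, and the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three log lines quoted in the post (user name masked as in the post).
SAMPLE = r"""
12/29/2009 11:15:44 AM Would be blocked by Access Protection rule  (rule is currently not enforced)  C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\*****\Local Settings\Temporary Internet Files\Content.IE5\index.dat Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read
12/30/2009 11:17:14 AM Would be blocked by Access Protection rule  (rule is currently not enforced)  C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\*****\Local Settings\Temporary Internet Files\Content.IE5\index.dat Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read
12/31/2009 10:58:35 AM Would be blocked by Access Protection rule  (rule is currently not enforced)  C:\WINDOWS\System32\WScript.exe C:\Documents and Settings\*****\Local Settings\Temporary Internet Files\Content.IE5\index.dat Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder Action blocked : Read
"""

# Field layout inferred from those lines only (an assumption, not a vendor spec).
LINE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+"
    r"(?P<status>.*?Access Protection rule)\s+(?:\((?P<note>[^)]*)\)\s+)?"
    r"(?P<process>[A-Z]:\\.*?\.exe)\s+(?P<target>[A-Z]:\\.*?\.\w+)\s+"
    r"(?P<rule>[^\\]+?)\s+Action blocked : (?P<action>\w+)$", re.IGNORECASE)

def parse(text):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y %I:%M:%S %p")
        e["enforced"] = "not enforced" not in (e["note"] or "")
        events.append(e)
    return events

def summarize(events):
    """Group by (process, target file, rule, action) and describe recurrence."""
    groups = defaultdict(list)
    for e in events:
        name = lambda p: p.rsplit("\\", 1)[-1].lower()
        groups[name(e["process"]), name(e["target"]), e["rule"], e["action"]].append(e)
    rows = []
    for (proc, target, rule, action), evs in groups.items():
        mins = [e["ts"].hour * 60 + e["ts"].minute for e in evs]
        rows.append({"process": proc, "target": target, "rule": rule,
                     "action": action, "count": len(evs),
                     "days": len({e["ts"].date() for e in evs}),
                     "enforced": any(e["enforced"] for e in evs),
                     "time_of_day_spread_min": max(mins) - min(mins)})
    return rows

if __name__ == "__main__":
    for row in summarize(parse(SAMPLE)):
        print(row)
```

Run over a full export from many systems, the same grouping separates report-only events from enforced blocks and shows whether a given process touches the file at a consistent time each day.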