3 Replies Latest reply on Jun 18, 2009 9:41 PM by rhythm_methods

    ScriptScan Exclusions - Excluding logon scripts

      I have a .bat file that runs as my logon script, which calls some VBE scripts.

      I am thinking that if I add the .bat file to the scriptscan exclusions list that it should then mean that any of the VBE files that it calls should be excluded by scriptscan.

      Is my logic correct?

      How do others exclude their logon scripts from being scanned by McAfee?
        • 1. RE: ScriptScan Exclusions - Excluding logon scripts
          ah, ok, my logic is wrong, of course the process that runs from the .bat file is cmd.exe....

          Well, I don't want to exclude that process.....how should I go about excluding the logon scripts?
          • 2. Exclude Login Script?
            rmetzger


            Maybe you need to look a little deeper. Not sure why you would need to exclude a login script (batch file), but I guess that is not the point.

            If you excluded cmd.exe all you would exclude are internal commands (ren, cd, etc.) and possibly the actual launching of external commands. The External commands I think are what you want to exclude.

            So, if you ran WinWord.exe from your login script, WinWord.exe would be what should be excluded. (This is a ridiculous example; please do not presume that this is a safe exclusion.)

            In general, login scripts run, usually 1 or 2 times a day per PC or user, are small, and are not generally that extreme in length that I would even consider this for exclusion. ScriptScan is really targeting java, java scripts, visual basic, etc., where each script is run and possibly loops, with other applications involved, such as Outlook, Internet Explorer, Word, or Excel. Excluding a trusted CRM (IE based script) package may be useful for performance reasons, for instance. What major benefit would you get from excluding a login script batch file?

            To me, every exclusion made must be done with balancing benefits (performance, reliability, functionality) against security risks. I always consider: What would a security auditor think about this exclusion? Is it really needed? If yes, I can therefore justify my reasons in writing, balancing security exposure to benefits.

            So, what is it you need to Exclude in a login script? Can you quantify the benefits?

            Just curious,
            Ron Metzger
            • 3. RE: Exclude Login Script?
              Hi,

              Thanks for your advice, I agree with your thoughts.

              In any case, does anyone know if this is possible, to exclude the logon script and the items it is calling?