This content has been marked as final. Show 3 replies
ah, ok, my logic is wrong, of course the process that runs from the .bat file is cmd.exe....
Well, I don't want to exclude that process.....how should I go about exluding the logon scripts?
Maybe you need to look a little deeper. Not sure why you would need to exclude a login script (batch file), but I guess that is not the point.
If you excluded cmd.exe all you would exclude are internal commands (ren, cd, etc.) and possibly the actual launching of external commands. The External commands I think are what you want to exclude.
So, if you ran WinWord.exe from your login script, WinWord.exe would be what should be excluding. (This is a ridiculous example; please do not presume that this is a safe exclusion.)
In general, login scripts run, usually 1 or 2 times a day per PC or user, are small, and are not generally that extreme in length that I would even consider this for exclusion. ScriptScan is really targeting java, java scripts, visual basic, etc., where each script is run and possibly loops, with other applications involved, such as Outlook, Internet Explorer, Word, or Excel. Excluding a trusted CRM (IE based script) package may be useful for performance reasons, for instance. What major benefit would you get from excluding a login script batch file?
To me, every exclusion made must be done with balancing benefits (performance, reliability, functionality) against security risks. I always consider: What would a security auditor think about this exclusion? Is it really needed? If yes, I can therefore Justify my reasons in writing balancing security exposer to benefits.
So, what is it you need to Exclude in a login script? Can you quantify the benefits?
Thanks for your advice, I agree with your thoughts.
In any case, does anyone know if this is possible, to exclude the logon script and the items it is calling?