5 Replies. Latest reply: Dec 2, 2013 7:39 PM by petersimmons

    Security Risk in Script Scan disabling


      Hi All,


      I am planning to disable the McAfee Script Scan option in ePO for all the workstations. I have 42K desktop machines reporting to ePO which has ScriptScan enabled. I would like to conduct a Security Impact Analysis before disabling ScriptScan. Can someone help me figure out the pros and cons of Script Scan and what the risks associated with disabling it are?




        • 1. Re: Security Risk in Script Scan disabling

          Moved from Consumer products to Business > ePO for better support.


          Message was edited by: Ex_Brit on 29/11/13 12:03:07 EST PM
          • 2. Re: Security Risk in Script Scan disabling

            To be honest, it looks more like a question about the endpoint than ePO, so moving again to VirusScan Enterprise.

            Hope you don't mind!

            • 3. Re: Security Risk in Script Scan disabling

              Thanks, I wasn't absolutely certain it belonged there anyway.  ;-)


              Message was edited by: Ex_Brit on 29/11/13 12:03:52 EST PM
              • 4. Re: Security Risk in Script Scan disabling

                Risk is difficult to quantify.

                Some easy questions to help though -

                1. Have you been receiving any events from ScriptScan detections?  If yes, consider Risk as very high for your starting point.

                2. Have you a means to enforce/restrict Users to only use Internet Explorer as the browser?  If no, the value of ScriptScan to you has shrunk significantly; at which point you'd probably ask "Why use it?".


                ScriptScan acts as a proxy between an application (usually that's IE) that wants to run a script (VBScript or JavaScript are supported), and the Windows Scripting Host that actually runs the script.

                Usually it's IE and MS Outlook that are the entry points, running these types of scripts.


                The protection ScriptScan adds is that these applications can run scripts WITHOUT THE SCRIPT TOUCHING DISK. Which means, the script can run without the On-Access Scanner "seeing" it, since OAS needs file activity for there to be a scan. So if you're in an environment where Users are prone to visiting sites or receiving emails in HTML format with scripts being rendered on the fly, you either need ScriptScan or some other solution that is scanning web content (at a gateway or inline between the gateway and your Users, for example) before it reaches your users.

                But, back to Question 1, if you don't have any such events you probably have sensibly safe surfers on your network.

                • 5. Re: Security Risk in Script Scan disabling

                  To expand a tad bit on William's explanation, you should NOT disable this feature unless you have a highly specific problem with this feature. If you haven't had enough issues that you have opened a support ticket and attempted to resolve it then you haven't tried enough.


                  In my experience this is a bad thing to turn off for workstations. It will catch things that cannot be caught any other way.