Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,538
...
I have not been actively following the threat developments for various Windows components, so I'm somewhat unsure what are nowadays the risks for allowing the access to jscript.dll for standard user accounts (I mean from technical point of view, e.g. if there are known unpatched vulnerabilities in jscript.dll that I failed to find, or what kind of scenarios an adversary could probably try to exploit in late October 2024 by using jscript.dll, etc...).
Allowing jscript.dll is acceptable on updated machines because SRP independently blocks JScript files if the SRP default security level is set to Disallowed. Of course, caution is required when whitelisting the JScript files in UserSpace. In your case, the printer probably uses the JScript file for something, so that particular file should be whitelisted (by hash or path), too.
You can still block jscript9*.dll to prevent JavaScript exploits related to Internet Explorer (some IE compatibility is still included in other web browsers).