Reply to thread

Message

<blockquote data-quote="Marana" data-source="post: 1106188" data-attributes="member: 69370">I have a question that is closely related to H_C, although I&#039;m not currently running H_C (but instead a home made SRP tool) in the PC where I came across to a new situation recently. I hope it&#039;s still ok to ask my question here, since the question is SRP specific, and I think that most people using SRP nowadays do use H_C (as I also use in some other PCs), so I think that the question can easily be answered here.I have run SRP for years in all of my Windows computers in default deny mode, enforcement for all files (including dlls). Several years ago I have included a &quot;jscript*.dll&quot; entry in my Disallow list, since I have had no need for Javascript. Recently I installed an USB connected HP printer to one of our workstations and noticed that to be able to print I had to create a custom allow policy for C:\Windows\System32\jscript.dll, which is now required by the printer. It took a while to find out since to my surprise no Event Log entries were generated. Luckily Process Monitor revealed the guilty dll which blocked printing.I have not been actively following the threat developments for various Windows components, so I&#039;m somewhat unsure what are nowadays the risks for allowing the access to jscript.dll for standard user accounts (I mean from technical point of view, e.g. if there are known unpatched vulnerabilities in jscript.dll that I failed to find, or what kind of scenarios an adversary could probably try to exploit in late October 2024 by using jscript.dll, etc...).I&#039;d be grateful if someone knowledgeable could shed some light on this.I did try to use Google and MS copilot to answer the question, but after some trials I came to the conclusion that I&#039;d rather prefer some real intelligence than plain AI stories here... <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile&nbsp; &nbsp; :)" loading="lazy" data-shortname=":)" />Windows 10 Pro 22H2.</blockquote>

[QUOTE="Marana, post: 1106188, member: 69370"] I have a question that is closely related to H_C, although I'm not currently running H_C (but instead a home made SRP tool) in the PC where I came across to a new situation recently. I hope it's still ok to ask my question here, since the question is SRP specific, and I think that most people using SRP nowadays do use H_C (as I also use in some other PCs), so I think that the question can easily be answered here. I have run SRP for years in all of my Windows computers in default deny mode, enforcement for all files (including dlls). Several years ago I have included a "jscript*.dll" entry in my Disallow list, since I have had no need for Javascript. Recently I installed an USB connected HP printer to one of our workstations and noticed that to be able to print I had to create a custom allow policy for C:\Windows\System32\jscript.dll, which is now required by the printer. It took a while to find out since to my surprise no Event Log entries were generated. Luckily Process Monitor revealed the guilty dll which blocked printing. I have not been actively following the threat developments for various Windows components, so I'm somewhat unsure what are nowadays the risks for allowing the access to jscript.dll for standard user accounts (I mean from technical point of view, e.g. if there are known unpatched vulnerabilities in jscript.dll that I failed to find, or what kind of scenarios an adversary could probably try to exploit in late October 2024 by using jscript.dll, etc...). I'd be grateful if someone knowledgeable could shed some light on this. I did try to use Google and MS copilot to answer the question, but after some trials I came to the conclusion that I'd rather prefer some real intelligence than plain AI stories here... :) Windows 10 Pro 22H2. [/QUOTE]

Verification