Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
How to prevent efficiently Defender from considering a given VBS script as containing a threat
Message
<blockquote data-quote="LaurentG" data-source="post: 934869" data-attributes="member: 91050"><p>It was also my idea (to split in two or three scripts)</p><p>But I'm afraid that what you propose doesn't solve the problem, since in your splitting, global structure of the 1st script would remain : a download and a run (the run of the second script)</p><p></p><p>It's the reason why I'll probably have a main script that</p><p>1) run a subscript (that only downloads)</p><p>2) then run jhead or sticky depending on the fact that the file supposed to be downloaded exist or not (or maybe based on a return code of second script)</p><p>With this structure, there is no more any script that includes both a download and a run.</p><p></p><p>If this not enough, the only remaining solution would to have two completely separate scripts, and to schedule the second a few seconds or minutes after the 1st. But this becomes a bit complex... and a little bit tricky to manage efficiently (in particular to manage all possible error cases)</p><p></p><p>On the other hand I don't understand when you write :</p><p></p><p></p><p>To be a Trojan downloader, a script would</p><p>1) download a file (the trojan)</p><p>2) run the Trojan, ie. the file just downloaded</p><p>while this script</p><p>1) downloads a file</p><p>2) run a <u><strong>completely different executable</strong></u><strong> <u>already present on the Pc before script run</u></strong> : The file downloaded is not the one that is run.</p></blockquote><p></p>
[QUOTE="LaurentG, post: 934869, member: 91050"] It was also my idea (to split in two or three scripts) But I'm afraid that what you propose doesn't solve the problem, since in your splitting, global structure of the 1st script would remain : a download and a run (the run of the second script) It's the reason why I'll probably have a main script that 1) run a subscript (that only downloads) 2) then run jhead or sticky depending on the fact that the file supposed to be downloaded exist or not (or maybe based on a return code of second script) With this structure, there is no more any script that includes both a download and a run. If this not enough, the only remaining solution would to have two completely separate scripts, and to schedule the second a few seconds or minutes after the 1st. But this becomes a bit complex... and a little bit tricky to manage efficiently (in particular to manage all possible error cases) On the other hand I don't understand when you write : To be a Trojan downloader, a script would 1) download a file (the trojan) 2) run the Trojan, ie. the file just downloaded while this script 1) downloads a file 2) run a [U][B]completely different executable[/B][/U][B] [U]already present on the Pc before script run[/U][/B] : The file downloaded is not the one that is run. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
