Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
How to prevent efficiently Defender from considering a given VBS script as containing a threat
Message
<blockquote data-quote="LaurentG" data-source="post: 935122" data-attributes="member: 91050"><p>Another point that makes me doubtful with Defender (and is about scripts) is the following : The Anti-ransomware protection of Defender prevents scripts to modify files in protected folders, that is OK. </p><p>But if you want to create an exception (because you have a script you want to allow).... with Defender <strong>you are obliged to create an exception on wscript.exe</strong>.... which means that ANY script becomes allowed.... which means that there is no more any anti-ransomware protection, as soon as ransomware uses script technology.</p><p></p><p>While with Avast, you have to put an exception <strong>script per script</strong>, and then to allow a specific script do not become a full breach.</p><p></p><p>So, I can agree with your analysis (at least some parts of it). Nevertheless, a big concern with Defender (IMHO) is that <strong>it is not "specific enough" when you create exceptions</strong> :</p><p>- it was my initial problem : I wouldn't care that Defender "detects" Trojan:VBS/Mountsi.A!ml in my script, <strong>if I were able to put an exception ONLY for my script</strong>, and not be obliged to put a global exception on any Trojan:VBS/Mountsi.A!ml</p><p>- and this second point with Anti-Ransomware protection against malicious scripts</p><p></p><p>For me, the main problem with Avast which makes me still a little bit hesitant to use it again is the fact they have been told recently to be SELLING privacy data of their users.</p><p><strong><u>Do you know if this is still the case, or did they go back on this point ?</u></strong></p><p></p><p>PS : Thank you for your link , I'll have a look on it.</p></blockquote><p></p>
[QUOTE="LaurentG, post: 935122, member: 91050"] Another point that makes me doubtful with Defender (and is about scripts) is the following : The Anti-ransomware protection of Defender prevents scripts to modify files in protected folders, that is OK. But if you want to create an exception (because you have a script you want to allow).... with Defender [B]you are obliged to create an exception on wscript.exe[/B].... which means that ANY script becomes allowed.... which means that there is no more any anti-ransomware protection, as soon as ransomware uses script technology. While with Avast, you have to put an exception [B]script per script[/B], and then to allow a specific script do not become a full breach. So, I can agree with your analysis (at least some parts of it). Nevertheless, a big concern with Defender (IMHO) is that [B]it is not "specific enough" when you create exceptions[/B] : - it was my initial problem : I wouldn't care that Defender "detects" Trojan:VBS/Mountsi.A!ml in my script, [B]if I were able to put an exception ONLY for my script[/B], and not be obliged to put a global exception on any Trojan:VBS/Mountsi.A!ml - and this second point with Anti-Ransomware protection against malicious scripts For me, the main problem with Avast which makes me still a little bit hesitant to use it again is the fact they have been told recently to be SELLING privacy data of their users. [B][U]Do you know if this is still the case, or did they go back on this point ?[/U][/B] [U][/U] PS : Thank you for your link , I'll have a look on it. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
