- Jan 6, 2022
Tru dat (and they very frequently do).
An AV can do 100% on EXEs and get screwed on .VBS, .JS, .HTA, etc.
Only partially.
I see they're talking about me, so I'll answer
Tru dat (and they very frequently do).
They will always be an issue if script engines have admin rights and whole system access. In the end work smart and not hard.
I remember your posts (with videos) from several years ago about the danger of scripts and scriptors, for example:
View attachment 277459
It seems that they are equally dangerous today, despite the big effort done by AV vendors.
There are several techniques that make scripts dangerous without admin rights.
They will always be an issue if script engines have admin rights and whole system access. In the end work smart and not hard.
And before someone suggests it, getting rid of PowerShell, etc. is not always an option.
There are several techniques that make scripts dangerous without admin rights.
It is an option most of the time. I am not sure in this day and age which sysadmin will want to run complicated scripts on PowerShell when they can just log in and do the job quickly, and more reliably.
And before someone suggests it, getting rid of PowerShell, etc. is not always an option.
Wish it was haha
And before someone suggests it, getting rid of PowerShell, etc. is not always an option.
Agreed. But then again it's not easy. Simple scripts can even breach these solutions. Even some of the better ones always get bypassed. I guess it's all about lowering damages and insurance payouts.
A well-developed anti-malware application should have no issue with Scriptors of any type. The desire to have various things blocked (like PowerShell or vbs) is just catering to those products that are not as well coded.
The burden is that the developer should differentiate between the good and the bad, and not for the User to determine what should or should not be run.
It’s easy to say what should and shouldn’t be done but when one attempts to do it, there is a whole load of challenges that come up.
The burden is that the developer should differentiate between the good and the bad, and not for the User to determine what should or should not be run.