Does a home user need to disable Windows Script Host?


SFox

Level 3
Verified
I read that for security you need to disable Windows Script Host, since many malicious programs use this mechanism. However, people also write that after disabling Windows Script Host there will be problems with system updates and the system recovery mechanism. So is it worth disabling Windows Script Host or not?
 

TairikuOkami

Level 25
Verified
Content Creator
However, people also write that after disabling Windows Script Host there will be problems with system updates and the system recovery mechanism.
Some software still uses it, but new ones use PowerShell, .NET Framework and such. Windows updates work fine, but I'm not sure about store apps, they should use UWP. Windows upgrade also performs normally without WSH, but when I tested 3rd party backup software, it used it for tasks.

WSH is usually the way malware enters the system, without user's interaction.
I rarely need it, mostly for some user generated stuff/scripts, like for games.
When it is needed a user should be notified, either via an error or directly.
 

shmu26

Level 84
Verified
Trusted
Content Creator
There is a point in SysHardener - turn off the Windows Script Host. There is an orange mark as a warning that scripts will not work. If you activate this item, will the Windows Script Host completely shut down or will it work in restricted mode?
It will shut it down completely. SysHardener doesn't allow you to restrict or monitor it, although OSArmor and a number of other security softs do give you such a functionality.
It's the kind of thing that you never know when you might need it. Just a little example: let's say you installed Comodo Firewall, decided it's not for you, and uninstall it. When you reboot, a little cleanup script will run, and remove the Comodo leftovers pretty effectively. If you disabled Windows Script Host, you are left with all the garbage.
 

shmu26

Level 84
Verified
Trusted
Content Creator
OK. What other items in OSArmor, other than those noted by Sampei Nihira, are responsible for limiting the Windows Script Host?
IDK. Haven't looked at it in a long time. Others following this thread can tell you if there are any other items like that.

TairikuOkami

Level 25
Verified
Content Creator
At least try to avoid fiddling with this on your grandparents' PC. :coffee:
I disable it on every computer I get my hands on, especially on my grandparents. :D

Symantec offered the tool to enable/disable it with one click, but it was removed recently.
Some mention it, but they do not want users to disable it. Who would need their AV then?!
2019 - That’s it for now: given the widespread distribution of VBS viruses and malwares attached to e-mails throughout the whole Europe, we can only recommend to preventively disable WSH to all system administrators, unless explicitly required by specific scenarios.
 

shmu26

Level 84
Verified
Trusted
Content Creator
Hard_Configurator offers two ways of controlling Windows Script Host. It can be blocked completely, similar to SysHardener, or it can be restricted. When it is restricted, that means it can be run only with elevated privileges.
 

Sampei Nihira

Level 4
Verified
If any MT user is interested in my old vbs test with I.E.8 and MBAE intervention.
MBAE intervention for a VBS exploit has a different layout than other exploits:



Good night to you all. :)
 

Andy Ful

Level 52
Verified
Trusted
Content Creator
Hard_Configurator offers two ways of controlling Windows Script Host. It can be blocked completely, similar to SysHardener, or it can be restricted. When it is restricted, that means it can be run only with elevated privileges.
In H_C Windows Script Host can be disabled by Windows policy or restricted by SRP.
The SRP in H_C settings can restrict it as follows:
  1. Block script Interpreter with standard privileges and allow it with higher privileges. No whitelisting available.
  2. Allow script Interpreter, but block script files with standard privileges and allow script files with higher privileges. Blocked scripts can be whitelisted by the user.
The blocked events can be seen in H_C, so the user can see the paths of scripts that he/she would like to whitelist (they will not be blocked).
 

Andy Ful

Level 52
Verified
Trusted
Content Creator
I disable it on every computer I get my hands on, especially on my grandparents. :D

Symantec offered the tool to enable/disable it with one click, but it was removed recently.
This tool did not disable Windows Script Host, but only script files by file extensions (similarly to SysHardener). The scripts could still be run from the command-line, for example:
wscript /e:vbscript ....

The reg tweaks proposed in both articles are incomplete for Windows 64-bit. The block can be bypassed by using a command-line with 32-bit versions of script Interpreters from the "c:\Windows\SysWOW64" folder. (y)
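
A check for the 64-bit gap described in the post above, added here as an example; it is not code from the thread or from either article. It assumes the tweak in question is the `Enabled` value under `Software\Microsoft\Windows Script Host\Settings` (0 = disabled); `Get-WshEnabledValue` is a name made up for this example.

```powershell
# Added example: report the WSH "Enabled" value in every place an interpreter reads it.
# Assumption: the tweak is "Enabled" under the Settings key below (0 = WSH disabled).
$subKey = 'SOFTWARE\Microsoft\Windows Script Host\Settings'

function Get-WshEnabledValue {
    param(
        [Microsoft.Win32.RegistryHive]$Hive,
        [Microsoft.Win32.RegistryView]$View
    )
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $View)
    try {
        $key = $base.OpenSubKey($subKey)
        if ($null -eq $key) { return $null }      # key absent in this view
        try { return $key.GetValue('Enabled', $null) }
        finally { $key.Dispose() }
    }
    finally { $base.Dispose() }
}

# HKLM\SOFTWARE is redirected for 32-bit processes, so check both views there.
# HKCU\Software is shared between views, so one read is enough.
$targets = @(
    @{ Hive = 'LocalMachine'; View = 'Registry64'; ReadBy = 'System32 (64-bit) interpreters' }
    @{ Hive = 'LocalMachine'; View = 'Registry32'; ReadBy = 'SysWOW64 (32-bit) interpreters' }
    @{ Hive = 'CurrentUser';  View = 'Default';    ReadBy = 'both' }
)

$report = foreach ($t in $targets) {
    $value = Get-WshEnabledValue -Hive $t.Hive -View $t.View
    [pscustomobject]@{
        Hive    = $t.Hive
        View    = $t.View
        ReadBy  = $t.ReadBy
        Enabled = if ($null -eq $value) { '(not set)' } else { "$value" }
        Blocked = ($null -ne $value) -and ("$value" -eq '0')   # value may be DWORD or string
    }
}
$report | Format-Table -AutoSize

# Flag the incomplete tweak: one HKLM view blocked, the other not.
$hklm = @($report | Where-Object { $_.Hive -eq 'LocalMachine' })
$has32 = Test-Path (Join-Path $env:windir 'SysWOW64\wscript.exe')
if ($has32 -and ($hklm.Blocked -contains $true) -and ($hklm.Blocked -contains $false)) {
    Write-Warning 'WSH is disabled in only one HKLM registry view; the other interpreter bitness is not covered.'
}
```

On a 32-bit system both HKLM rows show the same key, so the warning only fires where the SysWOW64 interpreters exist.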