Endpoint Security's Anti-Exploit protection is blocking Visual Basic 6

Document created by aprobert Employee on Jun 5, 2018Last modified by jyamada on Jan 23, 2019
Version 8Show Document
  • View in full screen mode

Malwarebytes' Anti-Exploit protection hooks into browsers to monitor for the launching of VBscript interpreters with a generic detection and block all VBscript invocations.

This is consistent with Microsoft’s statement that “VBScript is deprecated in Internet Explorer and is not executed for webpages displayed in IE11 mode”.  Refer to Disabling VBScript execution in Internet Explorer 11.


Microsoft recommends the use of JavaScript in preference to VBScript and to contact your vendors for plans.


If you need to use VBScript for an internal application, the detection can be disabled by going into the advanced settings and disabling this protection. 


Disable VB Scripting in Malwarebytes Management console

To disable this protection in the Management Console:


  1. Log in to the Management Console.

  2. Go to Policy > Anti-Exploit > Advanced ... button in the bottom right.

  3. Under the Application Hardening, uncheck Disable Internet Explorer VB Scripting.


To maintain this protection, Microsoft has a new feature to disable VBScript from Internet Zone and Restricted Sites Zone, which can be enabled via registry setting and through group policy object (GPO).  This is documented in KB 4012494, Option to disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone.