Malwarebytes' Anti-Exploit protection hooks into browsers to monitor for the launching of VBscript interpreters with a generic detection and block all VBscript invocations.
This is consistent with Microsoft’s statement that “VBScript is deprecated in Internet Explorer and is not executed for webpages displayed in IE11 mode”. Refer to Disabling VBScript execution in Internet Explorer 11.
If you need to use VBScript for an internal application, the detection can be disabled by going into the advanced settings and disabling this protection.
To disable this protection in the Cloud console:
- Log in to the Cloud console.
- Go Policy > Windows > Settings and click on the Advanced settings option under Exploit Protection.
- Under the Application Hardening tab, uncheck the Disable Internet Explorer VB Scripting box.
To disable this protection in the Management Console:
- Log in to the Management Console.
- Go to Policy > Anti-Exploit > Advanced ... button in the bottom right.
- Under the Application Hardening, uncheck Disable Internet Explorer VB Scripting.
To maintain this protection, Microsoft has a new feature to disable VBScript from Internet Zone and Restricted Sites Zone, which can be enabled via registry setting and through group policy object (GPO). This is documented in KB 4012494, Option to disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone.