Endpoint Protection's Anti-Exploit protection is blocking Visual Basic 6

Document created by jgolomb (Employee) on Dec 26, 2018. Last modified by jyamada on Jan 23, 2019.
Version 2

Malwarebytes' Anti-Exploit protection hooks into browsers to monitor for the launch of VBScript interpreters. It uses a generic detection and blocks all VBScript invocations.

 

This is consistent with Microsoft’s statement that “VBScript is deprecated in Internet Explorer and is not executed for webpages displayed in IE11 mode”. Refer to Disabling VBScript execution in Internet Explorer 11.

 

Microsoft recommends using JavaScript in preference to VBScript and contacting your vendors about their plans.


Resolution

If you need to use VBScript for an internal application, the detection can be disabled by going into the advanced settings and disabling this protection. 

 

Disable VB Scripting in Cloud Console

To disable this protection in the Cloud console:

 

  1. Log in to the Cloud console.

  2. Go to Policy > Windows > Settings and click on the Advanced settings option under Exploit Protection.

  3. Under the Application Hardening tab, uncheck the Disable Internet Explorer VB Scripting box.

 

Securing VBScript for continued internal use

Microsoft has a new feature that blocks VBScript from external sites, that is, sites in the Internet Zone and Restricted Sites Zone, whilst still allowing it to run for internal sites. It can be enabled via a registry setting or through a Group Policy Object (GPO). This is documented in KB 4012494, Option to disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone.
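If the Malwarebytes protection is switched off, it is worth confirming on each endpoint that the Microsoft zone restriction is actually in force. The following audit script is an added example, not code from Malwarebytes or Microsoft. It assumes the per-zone registry value is named 140C with data 0 = allow, 1 = prompt, 3 = disable, and that policy keys take precedence over preference keys; neither detail is stated on this page, so confirm both against KB 4012494.

```powershell
# Added example: report the per-zone VBScript setting for Internet Explorer.
# Assumption (not stated on this page): the value is named 140C and its data
# means 0 = allow, 1 = prompt, 3 = disable. Confirm against KB 4012494.
$ValueName = '140C'
$Meaning   = @{ 0 = 'Allow'; 1 = 'Prompt'; 3 = 'Disable' }
$Zones = @(
    @{ Id = 1; Name = 'Local intranet' }, @{ Id = 2; Name = 'Trusted sites' },
    @{ Id = 3; Name = 'Internet' },       @{ Id = 4; Name = 'Restricted sites' }
)

# Assumed precedence: GPO policy keys first (machine, then user),
# then per-user and per-machine preference keys.
$Suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Roots = @(
    "HKLM:\SOFTWARE\Policies\$Suffix", "HKCU:\SOFTWARE\Policies\$Suffix",
    "HKCU:\SOFTWARE\$Suffix",          "HKLM:\SOFTWARE\$Suffix"
)

function Get-ZoneVbScriptSetting {
    param([int]$Zone)
    foreach ($root in $Roots) {
        $key  = Join-Path $root "$Zone"
        $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $key; Data = [int]$item.$ValueName }
        }
    }
    return $null   # value not set in any of the checked locations
}

$report = foreach ($z in $Zones) {
    $hit = Get-ZoneVbScriptSetting -Zone $z.Id
    $state = if ($null -eq $hit) {
        'Not configured'
    } elseif ($Meaning.ContainsKey($hit.Data)) {
        $Meaning[$hit.Data]
    } else {
        "Unknown ($($hit.Data))"
    }
    # Only the Internet (3) and Restricted sites (4) zones must be 'Disable'.
    $ok = if ($z.Id -in 3, 4) { $state -eq 'Disable' } else { $true }
    [pscustomobject]@{
        Zone = $z.Id; Name = $z.Name; VBScript = $state; Compliant = $ok
        Source = if ($hit) { $hit.Source } else { '-' }
    }
}
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) { Write-Warning 'VBScript is not disabled for all external zones.' }
```

Run it in the context of the user who browses with Internet Explorer, since two of the checked locations are per-user (HKCU) keys.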
