I heard from a sysadmin friend of mine that they have disabled windows script host on all their workstations to protect them from malware that exploits local scrips. This sounded interesting to me so I wanted to check it out.
The Windows script host is responsible for running local scrips on your computer including JScript (.js files) and VBScript (.vb files). If you are not aware JScript and VBscript are two major tools used when infecting a computer. So if you do not use these kinds of scripts then it may be a good idea to turn them off.
Turn Off Windows Script Host
To disable windows script host you just need to change or add one key in the registry.
Go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\SettingsThen set the DWORD “Enabled” to 0. If there is no “Enabled” option you can add one.
After
Now you know some random script will not run on your computer and you will get this message is something attempts to run.
Block Fileless Malware
Based on my understanding of how the new
But do not get too comfortable and think this makes you 100% safe. Malware changes daily so it is always good to be vigilant and informed!
Side Effects
I have been testing this for a while and have not run into any real issues. Batch and PowerShell still work fine. So disabling this as not hurt me any but if you run any kind of scripts in your environment this may not be an option for you. For example, my company runs a VB script on login to map printers. So disabling this is not an option for us as long as we keep that printer script in place.
It is also worth noting that this has no effect on browsers are web pages. Scripts running on a website will still work fine. Windows script host only gets involved when something crosses over into local space.
