Jump to content

Blocking VBscript in static local files installed in Program Files folder


Recommended Posts



When Internet Download Manager (IDM) from http://www.internetdownloadmanager.com is installed, and when trying to use "Download with IDM" right click menu item in Internet Explorer 11, your new feature (Application Hardening) blocks VB script in a static html page stored on local drive. Specifically it blocks C:\Program Files (x86)\Internet Download Manager\IEExt.htm and C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
files, and it names this action as blocking an exploit

May you please clarify when it became an exploit, and how it can be exploited? How a malefactor can use this exploit on a customer computer? These script files are a part of IDM distribution, and they call ActiveX components, which were installed by IDM installer during IDM installation. It’s not possible for a malefactor to change these VBscript files or ActiveX components without administrative rights. If he has such rights, he will not need to modify or use these scripts and files.


Charles Jones
Tonec Inc.




Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Hello Charles77,


We want to have you collect some logs so we can look into this issue further. I want to have you collect two logs from these directories:



The directory is hidden by default so you might have to click on "View -> Hidden items" in Explorer to see it.   There is also a post here from Microsoft on how to do this for the more recent OS: https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files

Once you get those, go ahead and send it over to me and we should be able to give you a better answer for this. 

Link to post
Share on other sites

  • Staff

VB Scripting has been decomissioned by Microsoft some time ago due to the insecurities it introduces.

In fact during all of 2016 Exploit Kits were heavily abusing outdated computers with VBScript in order to exploit machines and execute code remotely on them. It is advisable that you do not use any products or applications that rely on VBScript.

Alternatively you can disable the VBScript enforcement technique in MB3 -> Settings -> Protection -> Advanced Settings -> Application Hardening, but it is probably safer to find an alternative to IDM that doesn't leave you more exposed to exploits.



Link to post
Share on other sites


Rsullinger, we will send log files once we receive them from our user who complained first.

Pbust, please don't write general, obvious, and well known things about VBscript. Most people who read this post know that there are several security problems.

Please re-read the initial post. How the execution of VBScript can be exploited in this particular case? VBscript below is stored on hdd, and you need administrative rights to change it.

<script language="VBScript">
    set IDMLinksProcessor=CreateObject("IDMGetAll.IDMAllLinksProcessor")
    if err<>0 then
        MsgBox("IDM is not installed properly!"+ vbCrLf+"Please Install IDM again")
        IDMLinksProcessor.Execute external.menuArguments
        end if

Note that you block our right click menu item in IE browser

Thank you



Link to post
Share on other sites

  • Staff

Hi charles77,

We have a blanket protection for VBScripting for all the security reasons that pbust mentioned above. We do understand your concerns, this one case of yours might not be exploitable since it is static and stored on your hdd. But on the whole it is widely infamous for the insecurities it poses, as you very well know.

You have an alternative though.

You can turn it off by going to Malwarebytes->Settings->Protection->Advanced Settings and turn off the setting marked in red.

Thank you.



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.