
exclusions failure



Need access to site(s) below and have added an exception for those as well as a file exception for: C:\Windows\SysWOW64\vbscript.dll as this file is called by the page. Yet still it fails and blocks with the info:
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\Windows\SysWOW64\vbscript.dll
 
https://hmsa.administep.com/Portal/pprHcfa1500_05Edit.aspx#
https://hmsa.administep.com/*

How can we allow this page to allow execution of the VB script in question?


Greetings and welcome,

Based on the block information you provided it's actually being blocked by our anti-exploit component which is why excluding the website and file did not eliminate the issue.  That said, vbscript.dll shouldn't actually be used by websites any more as it has been deprecated by Microsoft due to its frequent use by malware/exploits, however I too have encountered this issue occasionally with Internet Explorer though why it happens I still have not determined.  More information on the deprecation of vbscript.dll may be found here.  That article also provides information on disabling vbscript in Internet Explorer 11.  If possible, I'd recommend doing that rather than excluding/disabling the detection, however if it is actually required for that website to function properly then that's obviously not an option for you so I have also provided instructions on disabling this detection.

In order to eliminate the alert/block in Malwarebytes, if you need to I'd recommend temporarily disabling exploit protection when visiting the site, assuming you don't use it too often and won't be doing much browsing to other sites as you don't want to risk infection while vulnerable to exploit attacks.  If that isn't a good solution for you then you may disable the setting or exclude detection of this particular exploit, however either option has the same net effect:

To disable the setting that causes this detection you may access Settings>Protection>Advanced Settings (located under the Exploit Protection section)>Application Hardening and uncheck the box next to Disable Internet Explorer VB Scripting.  If you uncheck that checkbox and click Apply that should stop Malwarebytes from blocking vbscript.dll whenever it is called by Internet Explorer, though again it is risky as vbscripting in IE has been deprecated for some time due to its use by malware so please be cautious.

Alternatively, you may access the Settings>Exclusions tab and click Add Exclusion then select Exclude a Previously Detected Exploit>Next>Select then select the appropriate exploit detection from the list then add Internet Explorer (iexplore.exe) as the associated application, however because of the specificity of this particular shield, this would actually be no different than disabling the setting via my previous instructions above as both would leave you equally vulnerable and both should eliminate this detection from occurring.

Unfortunately there is no way to exclude that DLL's use for a specific website and prevent it from being used on others, so if you do happen to encounter a malicious site employing vbscript.dll, Malwarebytes will not block it when this shield is disabled or this exploit detection is excluded.

Please let us know how it goes and if there is anything else we might assist you with or if you have any questions about my advice and instructions.

