Jump to content
Noctsol

Need to run VBS script - Specific Permissions

Recommended Posts

I have a basic understanding of what is going on. i'll try to explain to the best of my ability.

I need to run a VBS script that is specific to me. Unfortunately, Malwarebytes is blocking my script.

My company has Malwarebytes operating from a cloud. Any changes that are made right now are applied to the whole company. The IT guy is trying to figure out how to give me permissions without removing the block for the rest of the company. I myself from my computer do not have access to the Malwarebytes Screen, or I would have given myself the permissions already.

1. What can we do to get me the permission I need to run my script(s) for now and the future?

 

 

 

 

Block1.png

Share this post


Link to post
Share on other sites

Greetings and welcome :)

Until someone from the staff arrives, I'll do my best to help you figure this out.  While I haven't personally used the cloud version myself, I do know that with the previous on-premises managed version you could configure different endpoints into separate groups and apply separate policies/permissions to each group.  So in this case, the admin would create a new group that includes your system as well as the systems of any others he manages which require this permission/exclusion and then configure the policy for that group to include the exclusion/permission that allows you to execute scripts.

If there is no group functionality then I don't know how to do it short of removing your endpoint from the managed policy and simply installing the standalone business endpoint build of Malwarebytes on your system so that it doesn't inherit the policy being deployed from the cloud.

Share this post


Link to post
Share on other sites

Hi. Please attach your endpoint detection logs. There are two advanced settings that can be tweaked to allow these type of actions. But we'll need the logs to figure out which one it is.

 

Share this post


Link to post
Share on other sites
On 2/25/2018 at 2:53 PM, pbust said:

Hi. Please attach your endpoint detection logs. There are two advanced settings that can be tweaked to allow these type of actions. But we'll need the logs to figure out which one it is.

 

We are currently trying to decide WHICH logs to give you. We're not sure.

Is there a step by step process on how to do this?

Share this post


Link to post
Share on other sites

I believe it should be in the log(s) stored here, assuming the build you're using utilizes the same folder structure as the build I have installed: C:\ProgramData\Malwarebytes\MBAMService\AeDetections.  If it isn't in the log(s) stored there, then it might be in this log (again, assuming the structure is the same as my own build): C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG.

Share this post


Link to post
Share on other sites

Just send everything within C:\ProgramData\Malwarebytes\MBAMService\Logs\

(path may vary depending on the product version)

 

Share this post


Link to post
Share on other sites

Thanks Noctsol.

Unfortunately there is no way to exclude individual scripts like these. Allowing Excel or Excel macros to execute a scripting program is a very large security hole which is currently abused by malware writers as an infection vector. The only other way is to create a new Policy with the anti-exploit shield disabled for Excel, and add only the machines that need to execute this script to that particular Policy.

 

Share this post


Link to post
Share on other sites
On 3/5/2018 at 10:29 AM, pbust said:

Thanks Noctsol.

Unfortunately there is no way to exclude individual scripts like these. Allowing Excel or Excel macros to execute a scripting program is a very large security hole which is currently abused by malware writers as an infection vector. The only other way is to create a new Policy with the anti-exploit shield disabled for Excel, and add only the machines that need to execute this script to that particular Policy.

 

Thank you for replying. This is exactly what I was looking for. Now, whether or not I'll get permission who knows.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.