Need to run VBS script - Specific Permissions

[Noctsol]

I have a basic understanding of what is going on. i'll try to explain to the best of my ability.

I need to run a VBS script that is specific to me. Unfortunately, Malwarebytes is blocking my script.

My company has Malwarebytes operating from a cloud. Any changes that are made right now are applied to the whole company. The IT guy is trying to figure out how to give me permissions without removing the block for the rest of the company. I myself from my computer do not have access to the Malwarebytes Screen, or I would have given myself the permissions already.

1. What can we do to get me the permission I need to run my script(s) for now and the future?

 

 

 

 

[exile360]

Greetings and welcome

Until someone from the staff arrives, I'll do my best to help you figure this out.  While I haven't personally used the cloud version myself, I do know that with the previous on-premises managed version you could configure different endpoints into separate groups and apply separate policies/permissions to each group.  So in this case, the admin would create a new group that includes your system as well as the systems of any others he manages which require this permission/exclusion and then configure the policy for that group to include the exclusion/permission that allows you to execute scripts.

If there is no group functionality then I don't know how to do it short of removing your endpoint from the managed policy and simply installing the standalone business endpoint build of Malwarebytes on your system so that it doesn't inherit the policy being deployed from the cloud.

[pbust]

Hi. Please attach your endpoint detection logs. There are two advanced settings that can be tweaked to allow these type of actions. But we'll need the logs to figure out which one it is.

 

[Noctsol]

I should be able to get this information to you today or tomorrow. Please hold on !

[Noctsol]

On 2/25/2018 at 2:53 PM, pbust said:

Hi. Please attach your endpoint detection logs. There are two advanced settings that can be tweaked to allow these type of actions. But we'll need the logs to figure out which one it is.

 

We are currently trying to decide WHICH logs to give you. We're not sure.

Is there a step by step process on how to do this?

[exile360]

I believe it should be in the log(s) stored here, assuming the build you're using utilizes the same folder structure as the build I have installed: C:\ProgramData\Malwarebytes\MBAMService\AeDetections.  If it isn't in the log(s) stored there, then it might be in this log (again, assuming the structure is the same as my own build): C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG.

[pbust]

Just send everything within C:\ProgramData\Malwarebytes\MBAMService\Logs\

(path may vary depending on the product version)

 

[Noctsol]

Ok, I got approval and attached it. I ran my VBA script calling the VBS script, so it can shows up on the log as the most recent item.

 

MBAMSERVICE.LOG

[pbust]

Thanks Noctsol.

Unfortunately there is no way to exclude individual scripts like these. Allowing Excel or Excel macros to execute a scripting program is a very large security hole which is currently abused by malware writers as an infection vector. The only other way is to create a new Policy with the anti-exploit shield disabled for Excel, and add only the machines that need to execute this script to that particular Policy.

 

[Noctsol]

On 3/5/2018 at 10:29 AM, pbust said:

Thanks Noctsol.

Unfortunately there is no way to exclude individual scripts like these. Allowing Excel or Excel macros to execute a scripting program is a very large security hole which is currently abused by malware writers as an infection vector. The only other way is to create a new Policy with the anti-exploit shield disabled for Excel, and add only the machines that need to execute this script to that particular Policy.

 

Thank you for replying. This is exactly what I was looking for. Now, whether or not I'll get permission who knows.