Windows Script Host, or WSH, is a Microsoft technology that provides scripting abilities like batch files but with many more features. Such scripts can be run directly from the desktop by double-clicking a script file, or from a command prompt. They can be run from either the protected-mode Windows-based host wscript.exe or the real-mode command shell-based host cscript.exe.

Several “HTML malware” have been reported to use WSH objects, and as a result those who do not require this feature tend to disable it. But disabling WSH will prevent users from running any scripts that rely on this technology, including VBScript and JScript scripts, and some software may require this feature to be enabled.

Windows applications and processes may be automated using a script in Windows Script Host. Viruses and malware could be written to exploit this ability.

VBS scripts are used by malware authors either to cause disruption in an environment or to run a process that will download more advanced malware. The ILOVEYOU VBS malware caused a huge amount of damage back in the early 2000s. Nowadays most VBS scripts cause more irritation, like hiding folders, moving files, etc.

We can disable them completely by disabling the Windows Script Host engine, which is what VBS files use to run. This can be very useful for securing your environment against Cryptolocker and ransomware.

Please follow the steps below in order to strengthen your environment by disabling the Windows Script Host via Group Policy Object:

A. Create a new GPO on the Domain Controller and name it as: SecureEnvironment

  • Open Group Policy Management Console.
  • Expand the forest.
  • Click on the domain.
  • Right click on the Group Policy Objects and then click on New.
  • Enter its name, here I am using SecureEnvironment.

B. Right click on the Group Policy Object (SecureEnvironment) and hit on Edit.

C. Expand the Computer Configuration and then go to Preferences > Windows Settings > Registry.

D. Right click on Registry and then choose to create New Registry Item.

E. Enter the following as shown in the image and in the Key Path: SOFTWARE\Microsoft\Windows Script Host\Settings

F. Hit on Apply and then OK.

G. Now go to the Group Policy Management Console and right click on the Domain name and choose Link an Existing GPO.

H. Choose the SecureEnvironment GPO from the list and hit OK.

I. You have now linked the GPO at the domain level, so it gets applied to all PCs/users in the domain.
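
To confirm on a client that the policy is actually in effect once the GPO has been applied, the following PowerShell check reads the key from step E and runs a harmless probe script through cscript.exe. It is an added example, not part of the original post; the value name Enabled is an assumption, since the screenshot with the value name and data is not available here.

```powershell
# Added example: verify on a domain client that the WSH restriction from the GPO works.
# Assumption: the registry item in step E sets a value named "Enabled" (0 = disabled).
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'  # key path from step E
$valueName = 'Enabled'                                                # assumed value name

# 1. Read the configured value, if the key and value exist.
$configured = $null
if (Test-Path -LiteralPath $keyPath) {
    $item = Get-ItemProperty -LiteralPath $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { $configured = $item.$valueName }
}

# 2. Functional check: write a one-line VBScript that only echoes a random marker,
#    run it through cscript.exe, and see whether the marker comes back.
$marker = 'WSH-CHECK-' + [guid]::NewGuid().ToString('N')
$probe  = Join-Path $env:TEMP ($marker + '.vbs')
Set-Content -LiteralPath $probe -Value ('WScript.Echo "' + $marker + '"') -Encoding ASCII
try {
    $output = & "$env:SystemRoot\System32\cscript.exe" //NoLogo $probe 2>&1 | Out-String
} finally {
    Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
}
$scriptRan = $output -match [regex]::Escape($marker)

# 3. Report both the configured value and the observed behaviour.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    RegistryValue  = if ($null -eq $configured) { '<not set>' } else { $configured }
    ScriptExecuted = $scriptRan
    WshBlocked     = -not $scriptRan
}
```

A result with WshBlocked set to False means scripts still run on that machine, so check that the GPO has reached it and that the registry item was created as intended.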
