How to disable Windows Script Host Solved

  1.    29 Aug 2017 #1

    How to disable Windows Script Host


    Is there a good way in registry or group policy to disable wscript.exe? Does it apply to all users?
    Purpose is to prevent users from accidentally running malicious scripts.
    I could just delete it or rename it, but it might come back after a Windows update.
      My ComputerSystem Spec

  2. TairikuOkami's Avatar
    Posts : 3,510
    Home 1809 x64 10.0.17763.194
       29 Aug 2017 #2

    You can use this per user (HKCU) or per PC (HKLM).
    Code:
    reg add "HKCU\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Another option, per user based.
    Code:
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "DisallowRun" /t REG_DWORD /d "1" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "1" /t REG_SZ /d "wscript.exe" /f
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" /v "2" /t REG_SZ /d "cscript.exe" /f

    Symantec used to recommend it, but they have realized, that preventing malware does not really help them.
    VBS.Downloader.Trojan is written using the Visual Basic Scripting language (VBS). For VBS scripts to execute, Windows Scripting Host (WSH) is required. WSH is installed by default on most Windows systems. However, it is possible to disable the WSH. Read the instructions on disabling the WSH.
      My ComputerSystem Spec

  3.    29 Aug 2017 #3

    Thanks!
      My ComputerSystem Spec

  4.    3 Weeks Ago #4

    Does it also disable cscript?
      My ComputerSystem Spec

  5. TairikuOkami's Avatar
    Posts : 3,510
    Home 1809 x64 10.0.17763.194
       3 Weeks Ago #5

    Unfortunately no. DisallowRun works only for the local user, so admin or system probably might still run it.

    By the way, Norton's tool is still around, when run as admin, it disables jse, jsf, vbe, vbs, wsf, wsh.
    Code:
    http://www.symantec.com/avcenter/noscript.exe
      My ComputerSystem Spec

  6.    3 Weeks Ago #6

    TairikuOkami said: View Post
    Unfortunately no. DisallowRun works only for the local user, so admin or system probably might still run it.

    By the way, Norton's tool is still around, when run as admin, it disables jse, jsf, vbe, vbs, wsf, wsh.
    Code:
    http://www.symantec.com/avcenter/noscript.exe
    But what about the first reg key you gave, HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Does that one work also for cscript?

      My ComputerSystem Spec

  7. TairikuOkami's Avatar
    Posts : 3,510
    Home 1809 x64 10.0.17763.194
       3 Weeks Ago #7

    It seems it does, though cscript.exe can still run.
    Attached Thumbnails Attached Thumbnails capture_11172018_182207.jpg  
      My ComputerSystem Spec

  8.    3 Weeks Ago #8

    TairikuOkami said: View Post
    It seems it does, though cscript.exe can still run.
    Thanks bro!
      My ComputerSystem Spec

  9.    1 Day Ago #9

    If you're really just worried about users running a script by double clicking on it, there's an easier way to do this. You simply alter the settings to make script files open in Notepad anytime someone double clicks on them. You still have the option of running scripts when you want to by right clicking on them, and scripts can be run by any programs that need them, so you avoid the problems that can be created by disabling scripts entirely. Just pick which script files you want to alter from the following choices:

    Code:
    Windows Registry Editor Version 5.00
    
    ; Makes vbs files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\vbsfile\shell]
    @="edit"
    
    ; Makes vbe files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\vbefile\shell]
    @="edit"
    
    ; Makes ws files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\wsfile\shell]
    @="edit"
    
    ; Makes wsh files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\wshfile\shell]
    @="edit"
    
    ; Makes js files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\jsfile\shell]
    @="edit"
    
    ; Makes jse files open in notepad when they are double clicked
    [HKEY_CLASSES_ROOT\jsefile\shell]
    @="edit"
    As always, it's best to back up these registry keys before altering them, but you can always restore the original functionality to any of those files by just replacing @="edit" with @="Open"
      My ComputerSystem Spec

  10.    1 Day Ago #10

    Oops! that wsh file entry (fourth one down) should be [HKEY_CLASSES_ROOT\wshfile\shell]. Sorry.

    EDIT: I fixed it in my original post, so it's good now. Apologies again.
      My ComputerSystem Spec


 

Related Threads
Hi there For people using the CU update as a VM - SWITCH OFF the setting Turn Monitor off -- I.e set it to NEVER and allow the HOST to control the main screen otherwise you'll have to login again with password - nuisance if running file sharing...
Solved Windows Script Host error at startup in AntiVirus, Firewalls and System Security
Hi guys and gals, Please kindly assist with the following error message: "Can not find script file "C:\Users\username\AppData\Roaming\cnkocgrrf\edeqdg.js". This error message keeps popping up every time I restarts a windows 10 Home edition laptop...
Win10 Family: how to whitelist scripts for Windows Script Host in AntiVirus, Firewalls and System Security
Hi, it is possible to totally disable or enable Win10 Family under Win10 Family, see for instance How to blacklist or whitelist a program in Windows 10 I want to enabled Windows Script Host ONLY for a set of (personal) scripts, aka white list...
I am using Windows 10 Home on a HP i3 laptop. Just recently I have started receiving an error pop-up which says "Windows Script Host - There is no script engine for file extension ".js"". There doesn't seem to be a pattern to when the error...
I was trying to enter a new host file on one of our remote user’s laptop and when I went to open the file it showed a bunch of Chinese symbols and wouldn’t let me do anything with it? I tried deleting it and then tried to build a new host file from...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:36.
Find Us