Symantec Script Blocking?? - Printable Version
-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Messenger Plus! for Live Messenger (/forumdisplay.php?fid=4)
+---- Forum: WLM Plus! Bug Reports (/forumdisplay.php?fid=7)
+----- Thread: Symantec Script Blocking?? (/showthread.php?tid=79718)
Symantec Script Blocking?? by jeff0806 on 12-07-2007 at 02:46 PM
When I use to script of "Display Picture Changer"
There is a Alert...
Alert!
Symantec Script Blocking has prevented a script action that could be harmful to you.
Application: msnmsgr.exe
Source file : C:\background
Object: Windows Script Host Shell Object
Method: RegWrite
How can I use this script?
RE: Symantec Script Blocking?? by Sunshine on 12-07-2007 at 02:51 PM
Any way in that Symantec program where you can allow certain scripts?
RE: Symantec Script Blocking?? by Patchou on 12-07-2007 at 03:16 PM
I suggest you uninstall Norton Antivirus and get any other antivirus that does not pretend that a software trying to write in the registry is, by default, harmful to your computer.
RE: Symantec Script Blocking?? by jeff0806 on 12-08-2007 at 12:52 AM
Can I just uninstall Norton Antivirus and dont get another one?
Cause I am using Zone Labs with Norton Antivirus now..
RE: Symantec Script Blocking?? by Quantum on 12-08-2007 at 12:57 AM
I highly do not recommend you not having an anti-virus.
RE: Symantec Script Blocking?? by scott2010_h on 12-08-2007 at 01:07 AM
quote:You should always have an anti-virus.
Originally posted by john-t
I highly do not recommend you not having an anti-virus.
It is just that some are better than others. I personally use AVG Free.
RE: Symantec Script Blocking?? by Shippo on 12-08-2007 at 04:00 AM
I, myself, am using Symantec Anti-Virus for a while now, no problems with the scripts I have. (before anyone bothers to say, it's not Norton)
RE: RE: Symantec Script Blocking?? by jeff0806 on 12-08-2007 at 04:30 AM
quote:
Originally posted by Shippo
I, myself, am using Symantec Anti-Virus for a while now, no problems with the scripts I have. (before anyone bothers to say, it's not Norton)
So what makes my MSN like this??
Can someone help me
RE: Symantec Script Blocking?? by Patchou on 12-08-2007 at 04:50 AM
Dont worry about the warnings jeff and just tell your AV to ignore these "threats".
RE: RE: Symantec Script Blocking?? by vikke on 12-08-2007 at 08:14 AM
quote:Actually there are a lot of viruses using WSH scripting (.vbs & .js files). And if they get access to the memory (and the ability to create/remove files), you'll never know what happens. That's why the anti-virus is blocking the registry interface, to prevent these malwares that actually exists. This is a good protection, too bad it blocks Messenger Plus!.
Originally posted by Patchou
Dont worry about the warnings jeff and just tell your AV to ignore these "threats".
However Messenger Plus!'s scripts are using these interfaces in a good way. If there's an option to ignore it just for that process (msnmsgr.exe), that would be great for you.
Edit: Patchou can solve this problem by creating his own object for registry access instead of forcing the scripts to use the WSH object.
RE: Symantec Script Blocking?? by ShawnZ on 12-08-2007 at 08:16 AM
quote:
Originally posted by jeff0806
Can I just uninstall Norton Antivirus and dont get another one?
Cause I am using Zone Labs with Norton Antivirus now..
those happen to be the worst two products on the market
quote:
Originally posted by vikke
Actually there are a lot of viruses using WSH scripting (.vbs & .js files). And if they get access to the memory (and the ability to create/remove files), you'll never know what happens. That's why the anti-virus is blocking the registry interface, to prevent these malwares that actually exists. This is a good protection, too bad it blocks Messenger Plus!.
However Messenger Plus!'s scripts are using these interfaces in a good way. If there's an option to ignore it just for that process (msnmsgr.exe), that would be great for you.
except... hey, wait a minute, virus scanners already have the capability to check executable files for virus signatures and monitor important registry locations! gee, that sort of makes blocking any use of activex in WSH useless, doesn't it?
RE: RE: Symantec Script Blocking?? by vikke on 12-08-2007 at 08:26 AM
quote:Nope. New viruses are created everyday, and if Symantec wouldn't have added this block, you would have got infected since you get the virus before Symantec's updates. Also, you cannot be sure these checks on the PE-file is working correct. If I'm not mistaken a lot of programs has been identified as viruses when they're not.
Originally posted by ShawnZ
quote:
Originally posted by vikke
Actually there are a lot of viruses using WSH scripting (.vbs & .js files). And if they get access to the memory (and the ability to create/remove files), you'll never know what happens. That's why the anti-virus is blocking the registry interface, to prevent these malwares that actually exists. This is a good protection, too bad it blocks Messenger Plus!.
However Messenger Plus!'s scripts are using these interfaces in a good way. If there's an option to ignore it just for that process (msnmsgr.exe), that would be great for you.
except... hey, wait a minute, virus scanners already have the capability to check executable files for virus signatures and monitor important registry locations! gee, that sort of makes blocking any use of activex in WSH useless, doesn't it?
It's a well-used technology, it's recommended to block these objects.
It's better having this block than getting infected by the virus.
RE: Symantec Script Blocking?? by ShawnZ on 12-08-2007 at 08:33 AM
so your logic is that executable files themselves are more trustworthy than scripts that create executable files?
RE: RE: Symantec Script Blocking?? by vikke on 12-08-2007 at 08:35 AM
quote:Not at all, but they can be.
Originally posted by ShawnZ
so your logic is that executable files themselves are more trustworthy than scripts that create executable files?
RE: Symantec Script Blocking?? by CookieRevised on 12-08-2007 at 08:38 AM
[OFF TOPIC]
quote:No need, use the Windows registry APIs. You can even do a lot more with them.
Originally posted by vikke
Edit: Patchou can solve this problem by creating his own object for registry access instead of forcing the scripts to use the WSH object.
[/OFF TOPIC]
RE: Symantec Script Blocking?? by ShawnZ on 12-08-2007 at 08:38 AM
so then why should ALL registry/file system access be blocked to scripts, whereas only suspicious things are flagged in real executables (when it's just as easy to do this for scripts too?)?
RE: Symantec Script Blocking?? by vikke on 12-08-2007 at 08:45 AM
quote:They're a pain in the arse! I might just wrap it up into a JavaScript-class later.
Originally posted by CookieRevised
quoteriginally posted by vikke
Edit: Patchou can solve this problem by creating his own object for registry access instead of forcing the scripts to use the WSH object.
No need, use the Windows registry APIs. You can even do a lot more with them.
quote:Because if you block the registry access in executables Windows would stop working. This doesn't mean I don't think it shouldn't be blocked in executables, but hopefully the anti-virus will find the virus, and remove it.
Originally posted by ShawnZ
so then why should ALL registry/file system access be blocked to scripts, whereas only suspicious things are flagged in real executables (when it's just as easy to do this for scripts too?)?
1% of all executables are viruses. 25% of all scripts are viruses. These values may be incorrect, but I hope you understand what I mean.
RE: Symantec Script Blocking?? by ShawnZ on 12-08-2007 at 08:48 AM
quote:
Originally posted by vikke
if you block the registry access in executables Windows would stop working.
obviously, i didn't mean executables that are part of the system
quote:
Originally posted by vikke
I hope you understand what I mean.
not really.
RE: RE: Symantec Script Blocking?? by vikke on 12-08-2007 at 08:56 AM
quote:Viruses are often part of the system. Either injected or running as a service. And any executable which is blocked from registry will stop working as every Win32 application is independent of the registry.
Originally posted by ShawnZ
quote:
Originally posted by vikke
if you block the registry access in executables Windows would stop working.
obviously, i didn't mean executables that are part of the system
quote:
Originally posted by vikke
I hope you understand what I mean.
not really.
Blocking every program (with PE-files) would just be stupid, all programs would stop working. However if you block it from scripts, there's a chance you actually stop a virus.
There could be other methods which are more accurate than registry blocking, but Symantec chose to apply this block, and I don't see why to remove a block that actually blocks viruses quite often.
RE: Symantec Script Blocking?? by ShawnZ on 12-08-2007 at 06:00 PM
quote:
Originally posted by vikke
Blocking every program (with PE-files) would just be stupid, all programs would stop working. However if you block it from scripts, there's a chance you actually stop a virus
if you block registry and file access from every user-mode application, there's a chance you'd stop a virus too. in fact, a much higher chance. but you don't. you just check executables for virus signatures and suspicious activities that a virus might perform. so why not do that with scripts if it works so effectively?
RE: Symantec Script Blocking?? by markee on 12-09-2007 at 01:59 AM
To further state how dangerous these ActiveX Objects are, WScript.Shell when used through IE (and allowing the object) can get you past your user restrictions. I personally have used it to do a "shutdown -a" where we have "express computers" which have an auto-shutdown and I don't have the priveledges to cancel it through the run box myself.
However a good point before was raised before, Symantec should just be watching the registery locations that are important and not blocking them all of them.
RE: Symantec Script Blocking?? by jeff0806 on 12-09-2007 at 02:45 PM
Ok...
But can someone tell me what should I do now to make my Messenger Plus or even MSN back to normal and I can also use Script from Plus ??
Thanks so much..
xD
RE: Symantec Script Blocking?? by Menthix on 12-09-2007 at 02:55 PM
quote:Disable the warings abot scripts in your "virus"scanner:
Originally posted by jeff0806
what should I do now to make my Messenger Plus or even MSN back to normal and I can also use Script from Plus ?
quote:
Originally posted by http://www.msgpluslive.net/scripts/help/
My virus scanner says the script is suspicious?
Some virus scanners like McAfee sometimes report a script is suspicious, you can ignore these warnings. All the scripts in the Scripts Database have been tested before they were added. Security and privacy is important to us, we won't add any suspicious script to the DB. The reason why your virus scanner says its suspicious is simply because a script connects to the internet. A lot of the scripts will connect to the internet just to check if there is a new version available, or to get some data you requested (for example the Google Utilities script will connect to google.com). You can turn off the warning in McAfee, but keep in mind this will also disable warning for non-Plus! scripts. Turning off ScriptStopper may result in a warning of Virus Protection/Security Protection requiring attention.
For McAfee VirusScan 2007 Products:
* Doubleclick the SecurityCenter icon in the system tray
* Click Computer and Files
* Click Configure on the box to the right
* Click Script Scanning protection is enabled (Note: If script scanning is already disabled, the item will not say enabled but disabled and it is OK to just leave it.)
* Select Off and close the window
For Older McAfee VirusScan products (Before 2007):
* Right-click on the security-center icon in the system tray.
* Choose VirusScan, and go to Options.
* Under ActiveShield, click Advanced.
* Click Exploits, and uncheck the box: Enable ScriptStopper (recommended).
RE: Symantec Script Blocking?? by jeff0806 on 12-13-2007 at 02:59 PM
...But i am not sure how to Disable the warnings about scripts in Norton