Terminate a specific WSCRIPT or CSCRIPT process with wildcards

Started by mstopper, October 22, 2012, 02:17:47 PM



Is there a way to specify that anytime a particular script tries to run either using the Windows Scripting Host (WSCRIPT or CSCRIPT) that I want it to be terminated under the "Disallowed Processes" rules?  For example, the EXE that runs might be "C:\Windows\System32\wscript.exe", but the script executing might be "foo.vbs" or "foobar.vbs".  What I want is that anytime foo*.vbs attempts to start using either cscript or wscript that it doesn't get to -- it's disallowed.

*script.exe*foo*.vbs doesn't cut it as a wild-card entry, since I think it only looks at the true process name and not any parameters to that process.  Suggestions?



How about attempting to copy script host (wscript.exe or cscript.exe) and invoke wscript1.exe "foo.vbs" once, then remove wscript1.exe?

Edit: I don't get it. Do you want Process Lasso to disallow all *script.exe instances EXCEPT foo.vbs, OR do you want Process Lasso to terminate *script.exe if the command line contains foo.vbs?

Jeremy Collake

You need it to differentiate based on the command line. Not technically difficult at all. Please hold and I'll work on adding this. However, it will be at least not before the next beta series (after the final version I'm about to issue) before I can begin, since the change is fairly large from a UI perspective in particular.

There ARE alternate solutions that I can fix you up with to make this work right now, I think ... will think through them when I get a chance. Obviously, one option is using custom names for the interpreter (e.g. renaming the interpreter, one for each script).

Software Engineer. Bitsum LLC.
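
Matching on the command line rather than the process name, as discussed above, can be sketched in PowerShell. This is an added example, not part of the thread and not Process Lasso functionality; the function names and the `foo*.vbs` pattern are assumptions taken from the question, and it polls rather than blocking the launch.

```powershell
# Added example: terminate wscript.exe / cscript.exe only when the command
# line names a script file matching foo*.vbs. All names here are hypothetical.

# Anchor "foo" to the start of a file name (after \ / space or quote, or at
# line start) so a directory such as C:\foo\bar.vbs does not match.
# -match is case-insensitive by default.
$ScriptRegex = '(?:^|[\\/\s"])foo[^\\/"]*\.vbs(?:["\s]|$)'
$ScriptHosts = 'wscript.exe', 'cscript.exe'

function Test-BlockedScriptHost {
    param([string]$Name, [string]$CommandLine)
    # Both conditions must hold: the image is a script host AND its
    # arguments reference a blocked script.
    if ($ScriptHosts -notcontains $Name) { return $false }
    # CommandLine is empty when the caller lacks rights to read it.
    if ([string]::IsNullOrEmpty($CommandLine)) { return $false }
    return ($CommandLine -match $ScriptRegex)
}

function Stop-BlockedScriptHost {
    param([switch]$ReportOnly)   # report matches without terminating them
    Get-CimInstance -ClassName Win32_Process `
            -Filter "Name = 'wscript.exe' OR Name = 'cscript.exe'" |
        Where-Object { Test-BlockedScriptHost -Name $_.Name -CommandLine $_.CommandLine } |
        ForEach-Object {
            Write-Output ("Blocked PID {0}: {1}" -f $_.ProcessId, $_.CommandLine)
            if (-not $ReportOnly) {
                Stop-Process -Id $_.ProcessId -Force -ErrorAction SilentlyContinue
            }
        }
}

# Constructed sample command lines to check the pattern before enforcing it.
$samples = @(
    '"C:\Windows\System32\wscript.exe" "C:\scripts\foobar.vbs" /quiet',  # match
    'cscript.exe foo.vbs',                                               # match
    'wscript.exe C:\foo\bar.vbs',                                        # no match
    'wscript.exe xfoo.vbs'                                               # no match
)
foreach ($s in $samples) {
    "{0,-5} {1}" -f (Test-BlockedScriptHost -Name 'wscript.exe' -CommandLine $s), $s
}

# Enforce by polling once per second (run elevated to see other users' processes).
while ($true) { Stop-BlockedScriptHost; Start-Sleep -Seconds 1 }
```

Because this polls, a short script can finish before it is terminated; run it with `-ReportOnly` first to confirm the pattern catches only the intended scripts.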


Thanks. Will look forward to the next version release here instead.
You're never a loser until you quit trying.

Jeremy Collake

I've got it on the list. You are a paying customer, right? ;) If not, you would be if I implement this I'm sure, right? ;)
Software Engineer. Bitsum LLC.