Malwarebytes' Anti-Exploit protection hooks into browsers to monitor for the launch of VBScript interpreters. It uses a generic detection and blocks all VBScript invocations.
This is consistent with Microsoft’s statement that “VBScript is deprecated in Internet Explorer and is not executed for webpages displayed in IE11 mode”. Refer to Disabling VBScript execution in Internet Explorer 11.
If you need to use VBScript for an internal application, the detection can be disabled by going into the advanced settings and disabling this protection.
Disable VB Scripting in Malwarebytes Nebula
To disable this protection in the Malwarebytes Nebula platform:
- Log in to the Malwarebytes Nebula platform.
- Go to Settings, click Policies and select your policy name.
- Select Protection settings, then click Advanced settings under Exploit protection.
- Click Anti-exploit settings.
- Under the Application Hardening tab, uncheck the Disable Internet Explorer VB Scripting box.
- Click OK, then click Save on the top right.
Securing VBScript for continued internal use
Microsoft has a new feature to block VBScript from external sites, whilst still allowing it to run from Internet Zone and Restricted Sites Zone, which can be enabled via a registry setting and through a Group Policy Object (GPO). This is documented in KB 4012494, Option to disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone.