Microsoft Defender blocking the vbs, scheduled task and ps1

Hi all,
We use M365 Defender in our environment and it blocks the app deployment with a couple alerts like: “Suspicious Scheduled Task Launched”, “Suspicious service launched” and “Suspicious System Hardware Discovery” and the install fails. We use Intune to deploy our apps.

We do have ASR rules active and we do see the vbs script being blocked. Has this been fixed? I am not able to find any direct info regarding the fix.

Sorry if I missed the info… Thanks

Hi KrpaZG,

If you share the relevant sections of the PSADT log file we might be able to help you.

EDIT: Please mention the version of PSADT you are using. The Authors are working on removing VBS from PSADT.

“… We use Intune to deploy our apps.
We do have ASR rules active and we do see the vbs script being blocked. Has this been fixed? I am not able to find any direct info regarding the fix.”

In 2023 I’d question why you are still using VBS - a nearly 30-year-old insecure scripting language.
With VBS it is all too easy to create malicious code, which modern malware and virus protections will stop in its tracks.
Defender ASR rules are designed to stop such malicious behaviour, so the answer is not to bypass the security rules but to modernise your code (use PowerShell).
As you are using Intune, I’d strongly advise you to be entirely using PowerShell, not only for security reasons, but because it’s far more powerful and there are plenty of users sharing examples of how to solve problems using PowerShell.

N.B. Microsoft have effectively been killing off VBScript for a number of years now (in IE11 since 2016).

Created in 1996, VBScript is a dynamic scripting language that Microsoft modelled on the Visual Basic programming language. Windows sysadmins could use it to automate computing tasks, although now many have switched to PowerShell. It is often used for server-side processing in web pages, typically in Microsoft Active Server Pages (ASP).

Microsoft considers VBScript a thing of the past and calls it a legacy language in its latest post. It abandoned VBScript in its Edge browser because JavaScript had become the de facto standard.

There seems little reason to use VBScript unless it is embedded in a legacy website that a company absolutely must use and for some reason can’t update. But there are definite reasons to turn it off. Attackers love VBScript, because it offers an easy way to manipulate a machine.

This doesn’t mean that you can’t use VBScript if you really have to. You can still change the settings for VBScript execution manually in IE11 in three ways. You can change it on a per-site basis by configuring the site security zone, you can alter the registry, or you can make a Group Policy change.

Microsoft also blocked activation of VBScript controls in Office 365 client applications last year.

Source (from 8th Aug 2019): Naked Security – Sophos News