Disable Windows Scripting Host ( WSH )

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

The majority of viruses recently have been email-based. They are often written in VBScript which is a scripting language used to automate tasks without user intervention (or perhaps, one even knowing the script is running). Microsoft built the Windows Scripting Host (WSH) as an application to run vbscript programs. It ships as an integral part of Windows 2000 and Windows XP. WSH is also included when one downloads Internet Explorer 5. WSH can be used to get access to the Windows commandshell, file system, and registry. Lots of people know vbscript. Its complexity is low, at least, the complexity to write virus code.

To find out if the Windows Scripting Host is enabled on your PC:

  • Click Start | Run | cmd
  • Type wscript in the command shell
If its enabled, the Windows Script Host Settings dialog box will poppup.

You can protect yourself from these malicious programs if you have up-to-date antivirus code resident. This is becoming an absolute requirement in corporate environments. If you don't have that level of protection, you might want to block the vbscripting threat by disabling the Windows Scripting Host which is the agent that executes the .vbs files. There are several methods which are compatible for Windows NT / Windows 2000 and Windows XP:

  • Rename or delete the WSH executable : wscript.exe
    Its normally found in the system32 folder.
  • Block WSH from executing .vbs files by removing the file association
    • Right-click My Computer
    • Select Open from the menu
    • Select the View tab
    • Select Options
    • Open the File Types tab
    • Select VBScript Script File from the list of file types
      If its not there, then WSH is not installed or has been disabled. If its there
    • Click on the Remove button to remove the ability of WSH to run .vbs scripts.
    • Another alternative if you want to know when a script has been activated, you can use the Edit button to change the default action for .vbs files from Open (running) them to Edit . That is open script in Notepad.
  • Dynamically disable / enable WSH using Symantec's Noscript.exe freeware program.
  • Disable scripts using freeware AnalogX Script Defender program. AnalogX Script Defender will intercept any request to execute the most common scripting types used in virus attacks, such as Visual Basic Scripting (.VBS) and Java Script (.JS). It can even be configured to intercept new script extensions as needed! It's very simple to use and helps to ensure that you do not inadvertently run a script no matter what email program you use, or even if you get it via another method.

Featured Links