Application Control - Blocking all Wscripts but allowing one

Question

Hi All, 
 We have application control currently set to block Microsoft WSH WScripts, and want to keep it that way. 
 However we have a VBS script that uses Wscript that ideally we want to exclude, so it can be run on endpoints without disabling application control every time. 
 I have tried to exclude the file path in the global exclusions settings, but this doesn't appear to work? 
 Is there a correct way of allowing this one script but blocking any other Wscripts?

Qoosh · Answer

Hi zulra , 
 Thanks for reaching out to the Sophos Community Forum. 
 Application Control will block the specified executables from starting, whether done by another application, user, or script. It is not possible to exclude WScripts without also updating the policy to unblock it. 
 If the app only needs to run on a handful of devices, you can create a new policy for only those devices. 
 Could you provide some additional context on what the VBScript and WScript will do?

Application Control - Blocking all Wscripts but allowing one

Top Replies