Application Control - Blocking all Wscripts but allowing one

Hi All,

We have application control currently set to block Microsoft WSH WScripts, and want to keep it that way.

However we have a VBS script that uses Wscript that ideally we want to exclude, so it can be run on endpoints without disabling application control every time.

I have tried to exclude the file path in the global exclusions settings, but this doesn't appear to work?

Is there a correct way of allowing this one script but blocking any other Wscripts?



Added Tags
[edited by: Gladys at 7:54 AM (GMT -7) on 2 Oct 2023]
  • Hi zulra,

    Thanks for reaching out to the Sophos Community Forum.

    Application Control will block the specified executables from starting, whether done by another application, user, or script. It is not possible to exclude WScripts without also updating the policy to unblock it. 

    If the app only needs to run on a handful of devices, you can create a new policy for only those devices. 

    Could you provide some additional context on what the VBScript and WScript will do? 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids