Q
quietman7
Prior to installing MSAS I initially did not know it
provided a script blocking protection feature. When I
discovered it, I uninstalled scriptdefender (a program
that does the same thing)after removing its intercepts.
It appears MSAS does not monitor this type of user action
or recognize the increased vulnerability as a result on
later reboots. MSAS should have alerted the user that
this script blocking was no longer enabled and offered to
activigate its protection feature.
Anyway I attempted to run a scipt and MSAS did not
provide a pop up alert. Clicking on Real-time Protection
and opening Application Agents disclosed there were 23 of
25 checkpoints currently being monitored. Digging deeper
revealed that the two deactivated checkpoints were
Process Execution and Script Blocking.
The Checkpoint Details area on the right side confirmed
the status of each as inactive. I attempted to activate
these two checkpoints but MSAS either ignored me or
refused to allow me to make the change even after a
reboot. Finally, I uninstalled MSAS completely and then
reinstalled it. This allowed me the option of configuring
and activating all its features.
After the reboot I checked the application agent status
and all 25 checkpoints were activated. I then tried to
execute a script and received the allow-deny pop up
warning from MSAS.
Is this a bug or am I missing something here? It seems a
user should not have to go through such measures simply
to reactivate one of these checkpoints.
It would also have been useful if MSAS recognized and
informed me of the vulnerability after I disabled
scriptdefender's intercepts but that is something the
programmers may want to address later.
provided a script blocking protection feature. When I
discovered it, I uninstalled scriptdefender (a program
that does the same thing)after removing its intercepts.
It appears MSAS does not monitor this type of user action
or recognize the increased vulnerability as a result on
later reboots. MSAS should have alerted the user that
this script blocking was no longer enabled and offered to
activigate its protection feature.
Anyway I attempted to run a scipt and MSAS did not
provide a pop up alert. Clicking on Real-time Protection
and opening Application Agents disclosed there were 23 of
25 checkpoints currently being monitored. Digging deeper
revealed that the two deactivated checkpoints were
Process Execution and Script Blocking.
The Checkpoint Details area on the right side confirmed
the status of each as inactive. I attempted to activate
these two checkpoints but MSAS either ignored me or
refused to allow me to make the change even after a
reboot. Finally, I uninstalled MSAS completely and then
reinstalled it. This allowed me the option of configuring
and activating all its features.
After the reboot I checked the application agent status
and all 25 checkpoints were activated. I then tried to
execute a script and received the allow-deny pop up
warning from MSAS.
Is this a bug or am I missing something here? It seems a
user should not have to go through such measures simply
to reactivate one of these checkpoints.
It would also have been useful if MSAS recognized and
informed me of the vulnerability after I disabled
scriptdefender's intercepts but that is something the
programmers may want to address later.
