FSS vs SS and Scripts

I noticed that under the File System Shield settings there is an option to scan scripts when executing, which is selected by default. So how does this differ from Script Shield, which also, “…intercepts all scripts executed on your system…”?

Doesn’t anyone know? I’ve attached two snaps to this post. First is the File System Shield Settings, second is the Script Shield. Just curious what the difference is for local scanning.

Ah, come on, or is the question too elementary for the experts on this forum? Are some executed scripts scanned twice or not? What does one do that the other doesn’t?

Well, I’ve noticed that the script shield also scans scripts running on browsers. For me, the only browsers I use are Chrome and IE, but IE isn’t used as much, and it’s the only one I’ve noticed when scripts are detected.

About the ones for Fileshield, I would guess that some of that script scanning is for the auto sandbox.

Hello Castayr.

Yes, that’s what I was actually thinking, only the wording on the Script Shield panel is ambiguous if that is the case.

File System Shield is scanning local scripts, I can see that, because sessionstore.js is always shown as scanned after I’ve opened Firefox. However, the Script Shield ‘shield log’ is always empty, and there is never anything ‘current’ shown as scanned when I look, and yet the script shield statistics show a tall peak in scanning on the same days as the File System Shield, and also shows scripts scanned as 804 total, 463 max, 2008 average. This is very curious. I don’t run Internet Explorer as a rule, well not unless I really have to (usually when I visit MS sites for updates to save having to validate in Firefox before downloading tools and software) and as it has been stated by those in the know that Script Shield doesn’t yet support FF I’m wondering what exactly is being scanned by Script Shield.

It really would be good to know what exactly Script Shield does (and what it doesn’t), and the differences between File System Shield local script scanning and Script Shield local script scanning. Maybe Script Shield script scanning is totally browser related, in that it scans only scripts run inside browsers…perhaps that’s it. But then the wording needs to reflect that because at the moment it is confusing.

I’ll have to simply take it from here then:

http://www.avast.com/en-gb/pro-antivirus#tab3

Script Shield Improved

Detects malicious scripts hidden in web pages and prevents them from hijacking and potentially damaging your computer.

Now disabled on my machine.

So, as I said in another thread, pretty much useless as Firefox isn’t supported. NoScript must offer more protection to FF users than Avast’s Script Shield. And as local scripts are being scanned by File System Shield, and Web Shield is scanning scripts on pages, I don’t get the script shield…seems like an unfinished idea. If it does anything useful it should be incorporated fully into the File System Shield and Web Shield.

I use Chrome 100% of the time, and the SS has never scanned a single script for me either. I was told by a mod in another thread to open Windows Media Player to see if the SS was working, and that was the only time it scanned anything. I have had my new machine for 10 months and have never even opened WMP, and I doubt I ever will again. So for me, it seems the SS is not needed.

I did a custom install and chose not to install Webrep, Gadget, Mail Shield, P2P Shield and IM Shield, since I have online Yahoo! mail and never use P2P or IM. Maybe I will go back and change my config to uninstall the Script Shield too.

link to other script thread: http://forum.avast.com/index.php?topic=73015.msg608309#msg608309

Script shield watches and scans Windows Scripting Host (WSH) scripts being executed by the operating system. (NoScript does not do this.) It also scans all scripts run as part of a web page within the Windows Scripting Host or IE.

FSS scans files which are not the same as scripts.

Giving you the benefit of the doubt, I’ll go back to the point: you are incorrect, Nesivos. FSS does scan scripts, if you are to believe your eyes. Check the File System Shield settings. As mentioned previously (in the posts above), there is a FSS setting for just this, which is auto selected…hence why I posted in the first place.

Second, it was pretty clear I didn’t mean that NoScript blocked local scripts. It was quite clear that NoScript is used for blocking potential threats within Firefox. But Web shield also works with Firefox, and scans for threats, so I think the web facing stuff is pretty much taken care of there. Now back to local, which was what I was asking questions about…

So the point you make: the only basis left now for keeping Script Shield running, you say, is to protect from supposed threats from running local scripts via wscript.exe or cscript.exe. Hmm, maybe, but vbs and others aren’t directly associated with WSH on my system, so can’t run unless I do it manually. So probably not a really big deal for me. Maybe it is for others. My choice is to leave SS uninstalled for the good it does. And besides, FSS’s default script scanning option is already checked.

Based on the following, I will keep the SS active.

“Script shield - detects malicious scripts and prevents them from being run. The script shield will detect and block not only malicious scripts coming from the web (remote threats) but also scripts coming from other sources, such as web pages saved to disk or in the browser cache etc (local threats).
Unlike the web shield, the script shield can also detect and block malicious scripts that come from HTTPS (encrypted) connections.”

FSS does indeed scan scripts but only those related to files on your computer and not Web page scripts, which is what the Script Shield does. There is a difference. The scripts that FSS scans are file related. What you read below are the scripts that FSS scans.

Description of Windows Script Host (WSH)

WSH is a language-independent scripting host for 32-bit Windows platforms. Microsoft provides both Microsoft Visual Basic Script and Java Script scripting engines with WSH. It serves as a controller of ActiveX scripting engines, just as Microsoft Internet Explorer does. Because the scripting host is not a full Internet browser, it has a smaller memory footprint than Internet Explorer; therefore, WSH is appropriate for performing simple, quick tasks. Scripts can be run directly from the desktop by double-clicking a script file, or from a command prompt. WSH provides a low-memory scripting host that is ideal for non-interactive scripting needs such as logon scripting, administrative scripting, and so on. WSH can be run from either the protected-mode Windows-based host (Wscript.exe), or the real-mode command shell-based host (Cscript.exe).

http://support.microsoft.com/kb/188135

I believe that FSS will also scan scripts located in *.PDF files on your computer.

Where did you find that DBone? That’s the sort of answer I’ve been looking for. Although I’d still like to know what the FSS script scanning setting does and doesn’t do.

Thank you. It is becoming clearer now, but still not totally clear. I mean, what do you mean by ‘file related’? Are you saying that FSS doesn’t scan js scripts or vb script, etc. unless they’ve been initiated from an executable?

I know about WSH, and I’ve already read that MS page :wink:

Hmm, maybe I’ll reinstall the shield. Still don’t understand why the script scanning is a separate module.

I found it on my 1027’s help center.

Actually I need to correct myself.

Script Shield does in fact scan Windows Scripting Hosts scripts, while FSS scans scripts in files, for example executed Java scripts in *.pdf files, that are not Windows Scripting Hosts.

At this point as I recall from a prior post SS does not yet work for scanning web page scripts if you are using Firefox, though my memory could be incorrect on this. :slight_smile:

Summary: (I think that this is correct but not 100% positive :))

SS - scans WSHS, not sure about web pages
FSS - scans files on your computer that are not part of WSHS yet contain scripts.

What Is WSH? Windows Scripting 5.8

Updated: March 2009

Windows Script Host (WSH) is a Windows administration tool.

WSH creates an environment for hosting scripts. That is, when a script arrives at your computer, WSH plays the part of the host — it makes objects and services available for the script and provides a set of guidelines within which the script is executed. Among other things, Windows Script Host manages security and invokes the appropriate script engine.

WSH is language-independent for WSH-compliant scripting engines. It brings simple, powerful, and flexible scripting to the Windows platform, allowing you to run scripts from both the Windows desktop and the command prompt.

Windows Script Host is ideal for noninteractive scripting needs, such as logon scripting, administrative scripting, and machine automation.

WSH Objects and Services

Windows Script Host provides several objects for direct manipulation of script execution, as well as helper functions for other actions. Using these objects and services, you can accomplish tasks such as the following:

Print messages to the screen

Run basic functions such as CreateObject and GetObject

Map network drives

Connect to printers

Retrieve and modify environment variables

Modify registry keys


http://msdn.microsoft.com/en-us/library/shzd7dy4(v=vs.85).aspx

Ahh, not in this one. Blank page in 1000 help centre. Well, all that’s there is “There are no settings for this shield.” actually.

Thanks, much appreciated. :slight_smile:

My pleasure :slight_smile: