Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Blocking the download of all .VBS files on InterScan Web Security Virtual Appliance (IWSVA)

    • Updated:
    • 21 Mar 2017
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

VBS file can be downloaded as follows:

  • When the .VBS is mentioned in the URL, the Content-Type header contains "text/vbscript".
  • When the page forces the SaveAs using the HTTP header or JavaScript (i.e. there is a Download button re-directing to the file itself), the header Content-Disposition contains ".VBS".

Currently it is not possible to block "VBScript" files without blocking HTML or JavaScript at the same time in IWSVA. 

The intention for this option is to block HTML including VBS and JavaScript; as VBS and JavaScript can also be inside the HTML, the only way to block them is to block HTML. 

However, if it is required to block only the download of all .VBS files, the procedure below can be followed.

Details
Public

To block the download of all .VBS files, do either of the following:

  1. On the IWSVA Web UI, go to HTTP > HTTP Inspection > Filters then click Add.
  2. On the Inspection Filter window:

    • In the Filter Name field, enter a filter name and description. For example: Deny if Content-Type contains "text/vbscript".

    • Tick the Basic View radio button.
    • As Filtering Type, tick the HTTP Response radio button, then tick the Header checkbox.

    • Click the plus sign (+) next to the last column to select the Name and Value heading to be used.

      The following should appear under the columns:

      • Under the Name column: Content-Type
      • Under the second column: Contains
      • Under the Value column: text/vbscript

      Set name and value text_vbscript

      Click image to enlarge

  3. Go to HTTP > HTTP Inspection > Policies then click Add. Name the policy then select the users to which the policy applies.
  4. Select the created filter and the action must be Block.

 

  1. On the IWSVA Web UI, go to HTTP > HTTP Inspection > Filters then click Add.
  2. On the Inspection Filter window:

    • In the Filter Name field, enter a filter name and description. For example: Deny if Content-Disposition contains ".VBS"

    • Tick the Basic View radio button.
    • As Filtering Type, tick the HTTP Response radio button, then tick the Header checkbox.

    • Click the plus sign (+) next to the last column to select the Name and Value heading to be used.

      The following should appear under the columns:

      • Under the Name column: Content-Disposition
      • Under the second column: Contains
      • Under the Value column: .vbs

      Set name and value vbs

      Click image to enlarge

  3. Go to HTTP > HTTP Inspection > Policies then click Add. Name the policy then select the users to which the policy applies.
  4. Select the created filter and the action must be Block.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1116902
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.