When VirusScan Enterprise (VSE) is installed with the ScriptScan component, it inserts a proxy between the incoming script and the Windows scripting host. This can cause poor performance with webpages and web-based applications that are script-intensive. It is now possible to whitelist URLs for trusted web sites, such as sites within an intranet or sites that you use frequently and know to be safe.
This functionality is available in:
- VSE 8.8
- VSE 8.7i with Patch 1 and later
NOTES:
- Do not use wildcard characters.
- Partial URLs can be used. Be cautious when specifying partial matches to avoid excluding scripts from unexpected websites. For example, adding only www would exclude scripts from any source that contains the characters www in the URL.
- You must enable Browser Helper Objects.
- The product development team suggests that you use only Fully Qualified Domain Names and NetBIOS names.
Examples:
Internal URL
To exclude the script named script.js from http://internal.something.local/scripts/script.js, the URL exclusion would be internal.something.local.
External URL
To exclude an external URL such as http://www.mcafee.com would be www.mcafee.com.
- If your DNS server records contain CNAME entries for a particular URL, exclude them.
- Webpages can run scripts hosted on other sites or locations. If you require access to a script hosted on another site, you must also exclude the URL of the host site.
- Do not include port numbers in exclusions. If a port number is specified, the exclusion will be ignored as invalid.
IMPORTANT:
Although it is possible to disable ScriptScan, the product development team recommends that you first create and test exclusions before you completely disable this feature. There is some security risk in disabling ScriptScan because applications like Outlook and Internet Explorer can render and execute scripts before a file has been created on the local system. It is important to point out that the On-Access scanner can stop the payload of attacks via this medium, but ScriptScan has the added advantage of preventing an actual threat from executing in the first place.
Customers can be confident that even though ScriptScan may not be right for all environments, VirusScan Enterprise 8.x provides superior protection against blended threats, with integrated Buffer Overflow protection for common desktop applications and services, Access Protection rules to block and contain common threat models, and true On-Access Scanning for malware, including Anti-Spyware, and rapid-response daily-DAT updates, backed by the power and performance of ePO.
The product development team
recognizes, however, that this can potentially put customers in the difficult position of making the trade-off between enhanced protection and end-user performance. Customers can elevate their protection level back to a comparable level by installing a Secure Web Gateway appliance just behind their externally-facing web servers. This solution will provide the same protection as ScriptScan, but is directed only at the external web traffic, leaving the internal portal traffic unencumbered.
