How-To Disable Windows Script Host

Numerous spam campaigns are pushing various crypto-ransomware families (and backdoors) via .zip file attachments. And such .zip files typically contain a JScript (.js/.jse) file that, if clicked, will be run via Windows Script Host.

Do yourself a favor and edit your Windows Registry to disable WSH.

Here’s the key (folder).

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings

Create a new DWORD value named “Enabled” and set the value data to “0”.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings

And then, if you click on a .js file, you’ll see this.

Windows Script Host access is disabled on this machine. Contact your administrator for details.

Which is way better than seeing an extortion note.

Updated 2016-04-20: HKEY_CURRENT_USER can be used as an alternative.

Articles with similar Tags