A script is a file that contains executable or interpretable content that has meaning only in the context of a script processor. This dependency on a specific host process is what differentiates a script from typical executables.

Script rules require two specifications:

  • A script type file pattern definition that allows identification of the script file.
  • A script processor specification that identifies the file that processes the script identified by the script type. You can either specify a string to match for the processor or, for Windows computers, let the File Association list on each agent computer determine the default processor for a file matching the script type. Only one processor may be specified for a script type, even if there are multiple compatible processors.

Examples of script files include Visual Basic scripts (*.vbs), batch scripts (*.bat and *.cmd), and shell scripts (*.sh, *.csh, etc.). Scripts might also be add-ons or extensions for browsers, such as Firefox XPI plug-ins, or application data files such as Word documents (*.docx). Some files, such as Chrome *.crx extensions, are not scripts by definition; however, they are compressed files that may contain .JS, .JSON, and executable programs, and are thus considered "script files" for the purpose of tracking and management.

Examples of script processors include cmd.exe (batch scripts), bash (shell scripts), wscript.exe (Visual Basic scripts), and processes that are not obviously script processors such as firefox.exe, chrome.exe and word.exe.

Certain scripts are identified by their content and may be subject to executable rules rather than the script rules. See Script Rules Identified by Content.

Note:
  • Carbon Black App Control monitors and controls scripts that use script and processor file names that can be identified and defined in a rule. Script processing that takes place in browser memory, such as with JavaScript, is not a candidate for control by Carbon Black App Control script rules.
  • You can configure and enable a set of rules that ensure that Windows script processors only run from expected locations. For more information, see Rapid Configs.
  • Any file smaller than 4 bytes is not inventoried or tracked. Therefore, files shorter than 4 bytes cannot be blocked by a Script rule. However, name-based rules, such as a Custom rule, still apply to these files and can be used to block them.
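
The following Python sketch is an added example, not Carbon Black App Control code. It models the two-part script rule described above (script type pattern plus a single processor) together with the 4-byte tracking limit, so a planned rule set can be checked against sample events. The class, function and verdict names are hypothetical, the rules and events are constructed, and the substring match on the processor file name is an assumption about how the processor string is compared.

```python
import fnmatch
import ntpath
from dataclasses import dataclass

MIN_TRACKED_SIZE = 4  # from the note above: smaller files are not inventoried

@dataclass(frozen=True)
class ScriptRule:
    script_pattern: str  # script type file pattern, e.g. "*.vbs"
    processor: str       # string to match against the processor file name

def validate(rules):
    """Raise if one script type is given more than one processor."""
    seen = {}
    for rule in rules:
        pattern, proc = rule.script_pattern.lower(), rule.processor.lower()
        if seen.setdefault(pattern, proc) != proc:
            raise ValueError(f"{rule.script_pattern}: one processor per script type")
    return list(rules)

def classify(rules, processor_path, script_path, size):
    """Model verdict for a processor opening a file of the given size."""
    script = ntpath.basename(script_path).lower()
    proc = ntpath.basename(processor_path).lower()
    for rule in rules:
        if not fnmatch.fnmatchcase(script, rule.script_pattern.lower()):
            continue
        if size < MIN_TRACKED_SIZE:
            return "not-tracked-under-4-bytes"
        if rule.processor.lower() in proc:  # assumed: substring match
            return "script-rule-applies"
        return "script-type-matched-other-processor"
    return "no-script-rule"

# Constructed sample rules and events (processor path, script path, size in bytes).
RULES = validate([ScriptRule("*.vbs", "wscript.exe"), ScriptRule("*.bat", "cmd.exe")])
EVENTS = [
    (r"C:\Windows\System32\wscript.exe", r"C:\Users\a\logon.vbs", 812),
    (r"C:\Windows\System32\cscript.exe", r"C:\Users\a\logon.vbs", 812),
    (r"C:\Windows\System32\cmd.exe", r"C:\Temp\x.bat", 3),
    (r"C:\Windows\System32\notepad.exe", r"C:\Temp\notes.txt", 40),
]

def run_samples():
    return [classify(RULES, *event) for event in EVENTS]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, run_samples()):
        print(event[0], event[1], "->", verdict)
```

The second event shows why the single-processor limit matters when planning rules: in this model, a *.vbs file opened by a compatible processor other than the one named in the rule does not match the rule's processor.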