Page tree
Skip to end of metadata
Go to start of metadata

Problem

I can not bring up the scripting environment or run a script in Windows 10

Solution

By default, Windows enables Data Execution Prevention (DEP) for essential Windows programs and services only, and leaves it disabled for everything else. This is known as the OptIn DEP setting as stated in Microsoft Support. But CIS Level 1 settings change this to OptOut, where DEP is enabled by default for all processes except those explicitly stated in a system-level exceptions list. It appears that a program cannot unilaterally declare that it is immune from DEP (so we can't just flag it as such during installation).

There are a few possible ways to work around this

  1. Set the system DEP setting back to OptIn, the default. This lowers system security, though, and is not a good idea in the long term. It will also probably be overridden by IT policies over time.
    1. Right-click on My Computer and choose Properties. Then click on the Advanced tab and then Settings under Performance
    2. In Windows 8 or Windows 10, you right-click on This PC, choose Properties and then click the Advanced system settings link
    3. Click on the Data Execution Prevention tab and you’ll see two radio buttons
    4. Click Turn on DEP for essential Windows programs and services only to select the OptIn policy
    5. Click OK two times
  2. Add a system level DEP exception for just ScriptingEnv.exe. This is probably the best solution, but is more involved:
    1. The user can run the EMET GUI application and add the exception. You should choose the Apps toolbar icon as shown below
      ,
      then the Add Wildcard button in the new window. You then enter ScriptingEnv.exe (no quotes) in the text box and press OK. Now you must uncheck the DEP column checkbox for the new entry you just created
      .
      Press OK at the bottom of the window, close EMET, and reboot.
    2. Alternately,  here is a EMET ScriptingEnv to import.xml file that the user can import directly into EMET. There's an Import button near the top of the main window. Import the xml file and reboot as in (a)



 

  • No labels