Windows Script Host (WSH) runs .vbs and .js files (wscript.exe/cscript.exe). If you don’t need scripts, disabling WSH reduces common USB‑borne attacks.
Disable via Registry
Run Command Prompt as Administrator.
- Per‑user (current user):
reg add "HKCUSoftwareMicrosoftWindows Script HostSettings" /v Enabled /t REG_DWORD /d 0 /f - Machine‑wide:
reg add "HKLMSoftwareMicrosoftWindows Script HostSettings" /v Enabled /t REG_DWORD /d 0 /f
Re‑enable (if needed)
- Per‑user:
reg add "HKCUSoftwareMicrosoftWindows Script HostSettings" /v Enabled /t REG_DWORD /d 1 /f - Machine‑wide:
reg add "HKLMSoftwareMicrosoftWindows Script HostSettings" /v Enabled /t REG_DWORD /d 1 /f
Verify
- Running a
.vbsshould show: “Windows Script Host access is disabled on this machine”. - Check that
wscript.exe/cscript.exeno longer execute scripts.
Notes
- Some enterprise logon scripts rely on WSH. Test before deploying widely.
- Consider PowerShell execution policy separately if needed.
Related Guides
- USB Shortcut Virus – Complete Guide
- Autorun.inf – Remove & Block Auto‑Run
- Enable/Disable AutoPlay in Windows
- Download UsbFix – How to Use
- USBGuard – Protect USB Ports • BadUSB
Last updated: {PUT_DATE_HERE}