Safe Scene Script Execution

The Safe Scene Script Execution feature enhances 3ds Max's security by blocking certain commands in embedded scripts from executing if they have the potential to cause an unsafe action. Commands are considered unsafe if they operate on something other than the scene or its assets (for example, accessing the operating system ). These types of commands could be used by a malicious script to affect your system, or perform other unwanted actions.

Safe Scene Script Execution is configured on the Security tab of the Preferences dialog. It is enabled by default.

Note: Some security settings can be managed by a system administrator. See Security Settings for System Administrators for more information.

While the malware removal functionality powered by the Scene Security Tools scans scenes only for known malicious scripts and removes them, the Safe Scene Script Execution feature is preventative, and can stop new scripts from operating, but does not remove them.

Note: Scripted commands are not inherently malicious, but what they are asked to perform through their parameters can be malicious. Therefore they are considered unsafe when they are contained in scripts embedded in scene files because they are hard to notice by users, and could be used for malicious purposes.

When Safe Scene Script Execution is enabled:

The security shield icon says "Enabled" and is green:
The counter displays the number of blocked commands
If the "Display notification for blocked command" setting is enabled (the default) the Security Messages dialog appears when a command is blocked.
If the "Display script editor on blocked commands" setting is enabled, the script's debugging editor appears, showing the location of the offending command.

When Safe Scene Script Execution is disabled:

The protection icon says "Disabled" and is red:
Commands are not blocked.

What do I do if a command is blocked?

A blocked command does not mean that your 3ds Max scene contains a malicious script. It means that your scene contains an embedded script that calls an unsafe command. The unsafe command is specified in the Security Messages dialog, though the location is not. You can choose to continue working with the scene and examine it to determine where the unsafe command is called from, or re-start 3ds Max without Safe Scene Execution enabled to try loading the scene again. In this case, you should ensure the scene comes from a trusted source.

What is an embedded script?

An embedded script is a script that is contained in a 3ds Max scene file (.max), rather than in a script file (.ms, .mcr, .mse, .mzp) or typed into the MAXScript Listener for execution. These scene items can contain scripts:

Some controllers, such as Script Controllers
Persistent callbacks
Custom attributes
Scene objects that can contain scripts:
- ClipState
- Crowd Helper
- Some Data Channel Modifier operators
- TextPlus
- Some PFlow objects, such as the Script Operator

Hyperlinks in embedded scripts

When a user clicks on a hyperlink control contained in a scene embedded script, 3ds Max displays a security warning dialog informing them of the link the script is attempting to open, and asking for confirmation to open it.

Unsafe Commands

A scripted command is considered unsafe if it can access operating system resources, or communicate outside the boundaries of your computer. Known malicious scripts do this in order to replicate themselves, or to otherwise modify the system. For a comprehensive list of the commands blocked by this feature, see Safe Scene Script Execution Blocked Commands