Safe Scene Script Execution

The Safe Scene Script Execution is a default security feature that searches for dangerous commands in embedded scripts.

A dangerous, or unsafe command is a command that could be used by a malicious script to affect your system, for example a command used to access your operating system, instead of your scene. Scripted commands are not always dangerous, but they can be hidden in scene files and used for harmful reasons.

Scene Security Tools only scans and removes known malicious scripts from scenes. It cannot remove new scripts, although it can prevent a new script from running.

Configure Safe Scene Script Execution in the Security tab of the Preferences dialog.

Note: Some security settings require administrator permission. See Security Settings for System Administrators for more information.

When Safe Scene Script Execution is enabled:

The security shield icon says "Enabled" and is green:
The counter displays the number of blocked commands
If the "Display notification for blocked command" setting is enabled (the default) the Security Messages dialog box appears when a command is blocked.
If the "Display script editor on blocked commands" setting is enabled, the script's debugging editor appears, showing the location of the offending command.

When Safe Scene Script Execution is disabled:

The protection icon says "Disabled" and is red:
Commands are not blocked.

What do I do if a command is blocked?

When the Safe Scene Script Execution blocks a command, it does not mean that the scene contains a malicious script. It means an embedded script that calls an unsafe command has been discovered.

The unsafe command is specified in the Security Messages dialog box, though the location is not.

You can try two things:

Continue working with the scene and try to locate the unsafe command
Restart 3ds Max without Safe Scene Execution and load the scene again, but make sure that the scene is from a trusted source.

What is an embedded script?

An embedded script is a script that is contained in a 3ds Max scene file (.max), rather than in a script file (.ms, .mcr, .mse, .mzp) or typed into the MAXScript Listener for execution. These scene items can contain scripts:

Some controllers, such as Script Controllers
Persistent callbacks
Custom attributes
Scene objects that can contain scripts:
- ClipState
- Crowd Helper
- Some Data Channel Modifier operators
- TextPlus
- Some PFlow objects, such as the Script Operator

Links in embedded scripts

When you click a link in an embedded script, a warning appears to warn you it is attempting to open a link, and asks for confirmation before opening it.

Unsafe Commands

A scripted command is considered unsafe if it can access operating system resources, or communicate outside the boundaries of your computer. Known malicious scripts do this to replicate themselves, or to modify your system. For a comprehensive list of the commands blocked by this feature, see Safe Scene Script Execution Blocked Commands