Yes, in addition to automated analysis human analysis must be done for accurate detection. Automated systems usually blacklist malware if the file is malicious with a high level of certainty. For the rest which are not high certainty and for unknown files in general human analysts come into play. Human analysis alone is not feasible because they would have to analyze and blacklist 300,000+ malware files every day and provide verdict for safe files.
[at]Jon79 that is related to the embedded code detection for interpreters such as powershell, wscript, cscript, etc, for sandboxing of so called "fileless" malware.