Constant alerts about .ps1 file attempting to run

Hi, for about 5 months, I’ve been getting pop-up alerts asking if I want to run a PowerShell script located in C:\ProgramData\Comodo\Cis\tempscrpt. The filename is C_powershell.exe_D418DC65DD92CD548C438929C028BFAE922F8FB5.ps1.
Content: -noexit -command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite Backup';$upgradeExe = ‘CarboniteUpgrade.exe’;$upgradeFullPath = $carbProgramDataPath + $upgradeExe;$logFile = ‘CarboniteUpgrade.log’;$logFileFullPath

Should I allow this as a trusted/allowed/system file? I do use Carbonite.


It is OK to allow these CIS-internal script files to run virtualised/contained/sandboxed. For background information see here: Exciting News: Comodo Internet Security 2024 Beta Now Open for Testing! - #517 by infosec


First recheck if that app is a real Comodo app - signed etc. - CarboniteUpgrade.exe
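
The signature check suggested in the last reply, as an added example that is not part of the original thread or any participant's code. The function name `Test-ExeSignature`, the full path to CarboniteUpgrade.exe (built from the folder and file names visible in the quoted script, with the path separator assumed) and the expected signer substring `Carbonite` are assumptions; adjust them to what is actually on the machine.

```powershell
# Added example: report whether an executable carries a valid Authenticode
# signature and who signed it. Path and expected signer text are assumptions.
function Test-ExeSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Hypothetical: substring expected in the signer certificate subject.
        [string] $ExpectedSigner = 'Carbonite'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'FileNotFound' }
    }

    # Validates the embedded or catalog signature against the local trust store.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # A file can be validly signed by someone other than the expected vendor,
    # so the status and the signer are checked separately.
    $verdict = if ($sig.Status -ne 'Valid') {
        "Untrusted ($($sig.Status))"
    } elseif ($subject -notlike "*$ExpectedSigner*") {
        'ValidButUnexpectedSigner'
    } else {
        'ValidExpectedSigner'
    }

    [pscustomobject]@{
        Path    = $Path
        Verdict = $verdict
        Status  = $sig.Status
        Signer  = $subject
        # Hash recorded so the same file can be compared or looked up later.
        SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Assumed location, taken from the names in the quoted script.
$exe = Join-Path $env:ProgramData 'Carbonite\Carbonite Backup\CarboniteUpgrade.exe'
Test-ExeSignature -Path $exe | Format-List
```

A `Status` of `NotSigned` or `HashMismatch`, or a signer that does not match the backup vendor, is a reason not to add the file to a trusted list.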