Sandboxed Items Question

CIS has sand-boxed these items & titled them as unrecognized.


The file path is:


Anyone have a clue what they are? It looks like they belong to Comodo…

Kinda neat how the new CIS makes its own viruses!

Check here, reply #171 from egemen:;msg847406#msg847406


"Fileless malware uses script interpreters such as powershell.exe to execute code through commandline. There are various ways. What CIS 10 does is it catches embedded commandlines and sandboxed them.

But while sandboxing them, we create a file out of them i.e. convert file-less scripts into files in C:\ProgramData\Comodo\Cis\tempscrpt. If is the command-line interpreter. "

Hmm, I have no idea what to do with them since I dont know what the real source is. I dl’d some file recovery software from CNET and CIS may have sandboxed remnants of that software? Yeah, no clue what to do.

For what I understood, they are temporary files created by CIS when CIS catches an embedded commandline.
Once the original app is close, these temp files can be deleted (I did so), so I guess you can safely ignore the sandbox popup and then delete every file in C:\ProgramData\Comodo\Cis\tempscrpt

The thing is, CIS shouldn’t be sandboxing files it creates. Maybe that folder should be on an exclusion list.

if you place it in the exclusion list and the bat file is created by malware, then how can you get it?

From what I understand, CIS creates the bat file, so it should be safe. No need for sandboxing if it’s safe and put in a special folder. Maybe I’m not understanding the principle correctly?

cis creates a bat file from an unknown app that created a script

To see embedded code detection in action open up a command prompt and run this

cmd /C echo hello

or from a command prompt run

powershell -Command Get-Date

You could then go to the tempscript directory to view the scripts and see that they contain the above commands echo hello and Get-Date