"Fileless malware uses script interpreters such as powershell.exe to execute code through commandline. There are various ways. What CIS 10 does is it catches embedded commandlines and sandboxed them.
But while sandboxing them, we create a file out of them i.e. convert file-less scripts into files in C:\ProgramData\Comodo\Cis\tempscrpt. If is the command-line interpreter. "
Hmm, I have no idea what to do with them since I dont know what the real source is. I dl’d some file recovery software from CNET and CIS may have sandboxed remnants of that software? Yeah, no clue what to do.
For what I understood, they are temporary files created by CIS when CIS catches an embedded commandline.
Once the original app is close, these temp files can be deleted (I did so), so I guess you can safely ignore the sandbox popup and then delete every file in C:\ProgramData\Comodo\Cis\tempscrpt
From what I understand, CIS creates the bat file, so it should be safe. No need for sandboxing if it’s safe and put in a special folder. Maybe I’m not understanding the principle correctly?