I'm not sure if this helps but see below.
Embedded code detection protects you against file-less malware attacks. File-less malware attacks allow malicious actors to directly execute powershell commands on your system. These commands can be used to take control of endpoints, install ransomware, steal confidential data and more. File-less scripts reside in memory so no trace of them remains after the computer is restarted.
Example programs affected by this option are wscript.exe, cmd.exe, java.exe and javaw.exe.
For example, the program wscipt.exe can be made to execute visual basic scripts (.vbs file extension) via a command similar to 'wscript.exe c:/tests/test.vbs'. If this option is selected, CCS detects c:/tests/test.vbs from the command-line and applies all security checks to this file.
- Enabled - If test.vbs attempts to connect to the internet, the alert will state 'test.vbs' is attempting to connect to the internet
- Disabled - The alert will only state 'wscript.exe' is trying to connect to the internet'.
Click the 'Certain applications' link to view and select which apps are analyzed.
See
Select Applications for Heuristic Command Line/Embedded code Analysis for more details.
Background note: 'Heuristics' describes the method of analyzing a file to ascertain whether it contains codes typical of a virus. Heuristics is about detecting virus-like behavior or attributes rather than looking for a precise virus signature that matches a signature on the virus blacklist. This helps to identify previously unknown (new) viruses.
Read More
