embedded code detection and heuristic command line analysis

Status
Not open for further replies.

Prayag

Level 4
Thread author
Verified
Well-known
Mar 27, 2017
160
Can anyone tell me what these functions do?
What tweaks should be made to these features so that they may improve protection without compromising usability?
As these mechanisms extend their protection to the vulnerable processes of Windows that could easily be exploited by malware, how can they really help in detecting process hollowing or injection attempts?
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
imo this is the element of Comodo security that ties it all together. Basically, Comodo monitors Windows script hosts based on your choices in the command-line/embedded settings and then also the use of embedded scripts. This is done separately from the rest of the program...unconditionally. If something wants to run a script you will see a -> heuristics alert. If it tries to use a script contained in another file (embedded script), Comodo takes a portion of the script and creates a file with that portion of the script in the file. You will find those files in C:/Program Data/Comodo/CIS/tempscrpt. So then the embedded script can only run based on whether you choose to allow that tempscrpt file, which Comodo considers an executable. Basically, this converts what would be a memory operation into a file form so that its use can be monitored.

I have enabled all of the heuristic command-line protections including embedded ones, and I recommend doing so for everyone. That said, you may run into a situation where a single legit application creates a temp file which is used by a script someplace. In this case, if the file is randomly named and is used by a script, the tempscrpt folder can potentially gradually fill with separate files that pile up one by one each time you use the application. Chances are you won't ever run into this however. The only one I see like this is from the 360 browser extension, which uses a script to remain connected to the main 360 Total Security application every time I start Chrome. I guess it has to do with 360 being able to alert to possible malware drive-by attempts and then maybe to check the settings to make sure secure shopping is still enabled, etc. It's the only app I have seen have this issue, although I have seen the Comodo monitoring work very well on batch (cmd.exe) and other script files. Highly recommend enabling them all. Very unlikely you will have issues.
 
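A small Python model of the mechanism AtlBo describes above, added here as an illustration and not Comodo's own code: it parses a script host's command line, pulls out any inline or base64-encoded script, and writes that script to a file so a file-level policy (allow/block/alert) can act on it instead of on an in-memory string. The host list, switch spellings, `tempscrpt_` directory prefix and sample command lines are all assumptions constructed for the example.

```python
import base64
import hashlib
import os
import shlex
import tempfile
# Script hosts to inspect, and the switches after which inline script follows (assumed lists).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
PS_SWITCHES = {"c", "com", "command", "e", "ec", "enc", "encodedcommand"}
INLINE_SWITCHES = {"powershell.exe": PS_SWITCHES, "pwsh.exe": PS_SWITCHES, "cmd.exe": {"c", "k"}}
SAMPLE_CMDLINES = [  # constructed samples, not captured from a real system
    r'C:\Windows\notepad.exe C:\Users\me\notes.txt',
    r'C:\Windows\System32\cmd.exe /c "echo hello & dir C:\Temp"',
    r'powershell.exe -NoProfile -enc ZABpAHIA',  # "dir" as UTF-16LE base64
]

def extract_embedded_script(cmdline):
    """Return (host, inline_script); inline_script is None when the command line carries none."""
    parts = shlex.split(cmdline, posix=False)  # posix=False keeps Windows backslashes and quotes
    if not parts:
        return None, None
    host = os.path.basename(parts[0].strip('"').replace("\\", "/")).lower()  # works off-Windows
    if host not in SCRIPT_HOSTS:
        return host, None
    args = parts[1:]
    for i, arg in enumerate(args):
        switch = arg.lstrip("-/").lower()
        if arg[:1] in ("-", "/") and switch in INLINE_SWITCHES[host] and i + 1 < len(args):
            payload = " ".join(args[i + 1:]).strip('"')
            if switch.startswith("e"):  # -EncodedCommand family: base64 of UTF-16LE text
                try:
                    payload = base64.b64decode(payload, validate=True).decode("utf-16-le")
                except (ValueError, UnicodeDecodeError):
                    return host, "<undecodable encoded command>"
            return host, payload
    return host, None

def materialise_script(script, directory):
    """Write the inline script to a file named by its SHA-256 so file-level policy can act on it."""
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, hashlib.sha256(script.encode("utf-8")).hexdigest()[:16] + ".txt")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(script)
    return path

def analyse(cmdlines, directory=None):
    """Map each command line to the file its inline script was written to, or None."""
    directory = directory or tempfile.mkdtemp(prefix="tempscrpt_")
    return {cl: materialise_script(s, directory) if (s := extract_embedded_script(cl)[1]) else None
            for cl in cmdlines}
```

The undecodable-payload branch matters in practice: an encoded command that fails to decode is itself a signal worth surfacing rather than silently dropping.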

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
heuristic command line analysis
This is what stops scripts from running, if you click on a .js file or whatever.

embedded code detection
This is your post-exploit protection, in case a browser or another app got exploited, and tries to abuse a script interpreter.

Like @AtlBo said, you should enable as much as you can. And you can even add to them, such as PowerShell_ISE.exe.
 