I have a service m_agent_service.exe which frequently runs C:\Windows\SysWOW64\cscript.exe with arguments such as C:\Windows\TEMP\m_a3832.tmp. The execution of the tmp files is being blocked, logged and alerted at the console. Is there a way to whitelist this scenario? Thank you in advance.
How are the *.tmp files created in the first place? Is it a process that belongs to the Meraki Systems Manager Agent product? If so, can you not add the binary that creates these files as a Trusted Updater so the *.tmp file is added to the Whitelist and permitted to execute?