I already have A service request for this issue, but i figure if I share the issue here someone will point me to the right direction.
We have selected from categories/AntiSpyware Maximum Protection Report-Selected "Prevent execustion of scripts from the Temp folder"
The problem is instead of sending a report when script runs in temp folder, It generate an events when script is run from C:\Windows\system32\cscripts.exe which is a legitimate script.
As you can imagine, we have a large organization and these events have generated over 90 million items. To be precise, it generate 133334 items in the last hour.
This should help you
cscripts.exe is the process attempting to run the script.
Consequently you would have to add an exclusion for cscripts.exe which is tantamount to turning of the rule.
AP does not allow "Target Exclusions"
Why have the rule then?
There are AP rules that should never be turned on unless there is a Virus outbreak and the interim impact of the AP rule is acceptable to prevent the Malicious behavior.
Thank you dmcgeary for your input:
we have decided to create a rule to purge eventID 1095 older than one week. That is the only option we see at the moment.