Which scripts? Malicious scripts...yeah. But you can stop using wscript,mshta,bat,etc... and only allow powershell signed scripts with JEA restriction.
Running and installing are different things. A popular dropper I frequently run into for example never drops an executable to disk, it loads base64 from registry, decodes/decrypts it and reflectively executes the .NET assembly which in turn decodes and executes shell code from registry.