Hi,
You can't change the service's default execution location for embedded scripts.
However can stop vbs scripts from running from the temp folder by not embedding them. Deliver the script in advance then then execute this from a cmd script (assuming cmd scripts executed from the temp folder are ok).
If it's malware prevention you're after a good AV product is the answer. Heuristic protection is very good nowadays and most people trust this route. It's the old issue of the balance of security and usability.