I already answered your question: Trusted files are trusted files. They are never going to be reported as malware. Trust is not only for D+ but for firewall, AV and sandbox as well.
Exclusions are files that are skipped.
The sample you are referring is detected as malware and i dont see behavior like you said right now. However lets make sure we have the same settings
1 - Are you using all default settings? Have you changed anything?Have you changed D+ to clean PC mode or anything? Tell me all the changes you did.
2 - How am I going to reproduce this issue?Please tell me step by step as if you are recording video.
If you dont add these files manually, then there is ONLY 1 way these files to get to trsuted files,
1 - Cloud marks this sample as safe(Which is not a case of you sent the corrent sample)
2 - This file is dropped by a trusted installer(Well we will see if this is the case if you can explain how we can reproduce this issue exactly)
If you provide these, i can see what this is about.
First of all, thanks for the confirmation.
1. Now I stand corrected and understand that Naren was right about this. The trusted files are not being scanned for malware. Although I am not comfortable with this fact, it is how it is.
2. No they are not dropped by any trusted source. Actually I found those samples using killswitch in an infected system, copied them through pendrive to a local folder on my desktop.
I did not make any big changes except changing CIS from Internet security to Proactive security. In D+ settings "create rules for safe applications" is checked on.
3. I think I have explained the process to reproduce the issue in very detailed manner in my previous post. In case you did not get it clearly,
a. Scan the folder with CAV with an older bases.cav which does not identify the samples.
b. Now, scan the same folder with CAV with a newer bases.cav which has definitions added for these samples.
c. CAV reports the files as undected, you will be surprised to see those samples in "Trusted files" list.
d. Clear all the trusted files list, scan again, you can see that they are detected now, with the same bases.cav.
The issue is not 100% reproducible but I can say it is 85% reproducible, since it happened to me with 25 samples just exception of 3 samples out of 28 samples I tested for last one month. To remind you again, this is only happening on my machine with CIS x64 installed, I could not reproduce it even for once on my laptop with CIS x86 installed.
Hope this helps.