But why didn't CAV detect the files the second time? Is this a bug in CAV? Or care to give info on this. Because I find it strange, CAV detecting the files the first time and not detecting them the second time.
It is because of the way CIS works. Due to speed optimization, it does not do a TVL cloud lookup on on-access, but when a file is detected as malware it verifies in the cloud whether it is safe, as it can also be a false positive, and if so, the vendor is added to the local Trusted Vendor List.
The next time the file was executed, the vendor was already in the TVL, as the last check found the vendor in the cloud and added it to the local TVL, and therefore there was no alert on the second attempt.