The modifications are the malwares attempts to get into your system. The HIPS has prevented this. The malware is has not affected your system in any way at this point. Sure, the installer can be sitting in your temporary internet files inert. This is not a security risk. If the malware were to have to wait until the AV was able to detect it, this would not be the case. As likely by the time it is picked up by the AV, it has already done damage to your system. At this point, it is a cleanup effort instead of a simple modification denial…
The Eicar files aren’t a good case in point because they are special cases and aren’t treated as most files in CAV. The AV in CIS is an on demand scanner. By definition, this means a file is not scanned until it is accessed. This means that downloads in general aren’t scanned until the file is accessed. The Eicar files don’t follow this procedure however, and are scanned on download. Why this happens I can only assume is from all of the files of people screaming that Eicar isn’t detected when they download it.
So to recap, Eicar hasn’t actually tried to do anything on your machine, which would alert D+. Instead, Eicar seems to belong to a unique subset of file types that are in fact scanned on download instead of the normal on-access method.