I double clicked on the fake AV.
I viewed the active process list.
The privacy.exe is partially limited.
I checked the list of unrecognized files.
The privacy.exe is not in the list.
That’s because the first launch parent was 13.exe, I’m pretty sure if you fire privacy.exe on it’s own that it will be added to the list.
Can you please verify?
Is this privacy.exe a child process of 13.exe?
I think that CIS should automatically add the child process to the list of unrecognized files,
so that this child process can be scanned by the cloud scanner.
+1 :-TU
That’s an other question, but I think seen behavior is ‘by design’.