CAV Part 2

The next file is detected by Comodo according to VirusTotal.
But when I download and run this file, CAV is quiet (on access).
It is sandboxed but still not detected by the real-time AV module.
Submission says that it is unknown.
On-demand scan detects it.

Why doesn’t CAV catch it during or after download?

[attachment deleted by admin]

Though rarely, I have also seen this behaviour.

Would like to know the reason for the behaviour. Bug or any other thing?

Such things also happened to me.
My idea is that the file is a self extracting archive containing infected files. CIS realtime scanner does not identify the archived files.

Does CAV detect anything if you allow it to run and when it executes?

No.
Check the attached screenshots…this is all I get…
It is sandboxed and then it crashes…no active process is left in Sandbox…

[attachment deleted by admin]

It must be a problem then…

Disable archive scan in CAV scanner settings and check whether a right-click scan detects it or not…just out of curiosity

It is not detected after archive scan has been disabled.

Then this is something that I expected. But, surprisingly, they must be detected after they are extracted in realtime. PM egemen about this, maybe he will have a look.

■■■ sent to egemen and umesh.

FYI