Hi guys was playing with malwares and had a strange behavior ( I guess it’s new )

I HAVE NOT EXECUTED ANY FILE so nothing in the sandbox and I got a “CloudBehavior.Suspicious@1” alert.
The file in quetion was unknown and never seen by CIS before. But now it seems that Instant Malware analysis check unknown files even you have not executed it (so not sandboxed etc…)

Am I the only user to have experienced that ? 88)

Actually CS has been doing it for some time I think. Maybe more now. When you open a directory the OS does various things with files icons etc and that draws CIS’s real time scanners’ attention, I think just in case anything is going on…

If it does not like what it sees it, or the behavior it observes, it will quarantine.

Best wishes