CIS 5.5.xxx.1383 - general AV bug [Issue Report]

The bug/issue

  1. What you did: I downloaded an infected .dll file to the desktop.
  2. What actually happened or you actually saw: When came the AV alert I selected “Ignore”, "Added to Trusted Files ". Trusted Files of D+ doesn’t show this .dll and when I tried to access(example: cut and paste) the file the CIS and Win 7 explorer doesn’t respond, frozen. Next step restart the Windows. Okay the .dll file appear at Trusted Files. I deleted it from there but the real-time protection doesn’t recognize the file.
  3. What you expected to happen or see: AV alert.
  4. How you tried to fix it & what happened: Can not be solved by the user.
  5. If its an application compatibility problem have you tried the application fixes here?: N/A
  6. Details (exact version) of any application involved with download link: N/A
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: N/A
  8. Any other information (eg your guess regarding the cause, with reasons): VT link from file: http://www.virustotal.com/file-scan/report.html?id=b8e223ee0cd38cc3347e7d314bc8bd26d9cbe5f528ffa5e0115d333152bac8e6-1311604102

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug: N/A
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List: N/A
  3. A CIS config report or file: Attached
  4. Crash or freeze dump file: N/A

Your set-up

  1. CIS version, AV database version & configuration used: 5.5.xxx.1383 , 9507, Internet Security profile.
  2. a) Have you updated (without uninstall) from CIS 3 or 4: No
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: Yes
  3. a) Have you imported a config from a previous version of CIS: No
    b) if so, have U tried a standard config (without losing settings - if not please do)?: Yes
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): some modifications (config file attached)
  5. Defense+, Sandbox, Firewall & AV security levels: D+ = Safe, Sandbox = Enabled, Firewall = Safe, AV = Stateful, “Will be treated as” = Untrusted.
  6. OS version, service pack, number of bits, UAC setting, & account type: Win 7, SP1, 64 bit, UAC disabled, Admin account.
  7. Other security and utility software installed: No
  8. Virtual machine used (Please do NOT use Virtual box): No

[attachment deleted by admin]