1: CIS version:
8.2.0.5005
2: OS version:
Windows 7 64-bit
3: What you did:
Quarantine a shortcut which contains the following parameters:
C:\Windows\system32\cmd.exe /c start Skypee\AutoIt3.exe /AutoIt3ExecuteScript Skypee\googleupdate.a3x explorer “%CD%” & exit
4: What you actually saw:
CMD.exe (legitimate windows file) was placed in quarantine instead of the actual virus file that is being executed. Later, when performing manual purging in Quarantine, the system file CMD.exe is removed (after system is restarted).
5: What you expected to happen or see:
When Quarantine is performed that involves CMD.exe, it should analyze first if parameters contains an executable or script. In this case, either the executable “Skypee\AutoIt3.exe” and/or its script “Skypee\googleupdate.a3x” must be quarantined.
6: If possible attach a screenshot illustrating the GUI problem
None. It can be easily reproduced by creating a shortcut and perform steps 3 to 5.
Not a bug from my point of view. You might want to rephrase it as a wish request.
OK then, I will move this in the wish list.
Already in wish list. Thank you