CIS does not terminate the process of the malware detected by the cloud scanner

defense+ events:

011-08-17 01:35:48 C:\Documents and Settings\Roger\桌面\virus\readme\readme.exe Sandboxed As Partially Limited

2011-08-17 01:35:54 C:\Recycle.Bin\B6232F3A12A.exe Sandboxed As Partially Limited

2011-08-17 01:35:55 C:\Documents and Settings\Roger\桌面\virus\readme\readme.exe Scanned Online and Found Malicious

2011-08-17 01:35:55 C:\Recycle.Bin\B6232F3A12A.exe Scanned Online and Found Malicious

2011-08-17 01:35:56 C:\Documents and Settings\Roger\桌面\virus\readme\readme.exe Access Memory C:\WINDOWS\explorer.exe

2011-08-17 01:35:56 C:\Recycle.Bin\B6232F3A12A.exe Access Memory C:\WINDOWS\explorer.exe

2011-08-17 01:35:56 C:\DOCUME~1\Roger\LOCALS~1\Temp\RYU295.exe Sandboxed As Partially Limited

2011-08-17 01:36:02 C:\Recycle.Bin\B6232F3A12A.exe Modify Key HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations

2011-08-17 01:36:03 C:\Documents and Settings\Roger\Local Settings\Temp\RYU295.exe Modify Key HKUS\S-1-5-21-1390067357-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3A9F7XXE5VHHTVBMO

2011-08-17 01:36:03 C:\Documents and Settings\Roger\Local Settings\Temp\RYU295.exe Access Memory C:\WINDOWS\system32\winlogon.exe

2011-08-17 01:36:03 C:\Documents and Settings\Roger\Local Settings\Temp\RYU295.exe Modify Key HKUS\S-1-5-21-1390067357-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1

The malware is STILL active after the cloud scanner detects it.

I wish CIS terminates the process of the malware immediately
after the cloud scanner or antivirus detects it.

[attachment deleted by admin]

Howdy;

011-08-17 01:35:48 C:\Documents and Settings\Roger\桌面\virus\readme\readme.exe Sandboxed As Partially Limited

2011-08-17 01:35:54 C:\Recycle.Bin\B6232F3A12A.exe Sandboxed As Partially Limited

It’s been sandboxed, thus Simply will be gone on next restart;

But +1 For the actual idea of “When found remove/clean”

Hi,

we will discuss this enhancement.

Thanks a lot for post.

What about users who do not restart their PCs often, does Co-Mo-Do notify the user about a reboot?

The malware runs sandboxed. It cannot do harm. In the current situation all you can do is to close down the malware in the sandbox after having been alerted.

Will you be able to clear auto sandbox without a restart in cis 6