Today I tested some zero-day threats against CIS by running them. Most of them are trojan ransoms.
I checked the option to automatically quarantine threats found during scanning in antivirus->scanner settings->real time scanning.
After that, I executed trojan ransoms like video12.avi.exe. CIS failed to block those threats, because CIS partially limited them and completely failed. There is no way the system can be cured.
After that, I changed partially limited to limited, and CIS successfully blocked all those trojan ransom threats.
The problem found in this situation, the main problem, is this:
I unchecked the option to automatically quarantine threats found during scanning and, instead of executing them, I selected save. When I opened the saved location, a CIS antivirus alert came up and removed the threat, which it had previously told me was an unrecognized file (when executed), and
heuristics caught that same unrecognized trojan ransom when it was saved and its location was opened.
Sorry for my bad English, I tried my best … please solve this important security problem…
In brief:
CIS (trojan ransom executed, with partially limited, automatically quarantine) = failed
CIS (trojan ransom executed, with limited, automatically quarantine) = successfully blocked, AV and cloud not detected
CIS (trojan ransom saved, unchecked automatically quarantine) = AV heuristics detected (remember, same trojan ransom)
So the AV did not detect it when executed with the automatically quarantine setting… when the malware is the same one.