Malware considered as trusted

I have been testing CIS wit malware from 0-day packages. The strange thing is that all the malware files (100 proof malware) is automatically added to trusted files. Is there a way to look why a certain file is added there. This bug makes D+ obsolete and seems to ruin the AV and Cloud AV detections.
I have tried everything to repair this, nothing helps.

Can you see if the files, and when present the files installers, are digitally signed and if the signers are on the Trusted Software Vendor list? That would be one way it slipped through the cracks.

The other way would be that the individual executables got accidentally white listed by Comodo or the user.

What does this zero day look like? Is it a zip or other archive? Is it some type of executable zip file? In case of an executable zip archive did you get an alert for Unlimited Access and did you grant it? That would explain when using default settings with which files from a Trusted Installer get trusted as well.

Can you send me a pm with a download link for the pack?

Regardless of how it got through, when it was not user error, it needs to be reported to Comodo asap in Report trusted and whitelisted malware here-2012 (NO LIVE MALWARE!). Please follow the instructions on how to submit it.