Malware signed by a trusted vendor?


I am curious to know what happens if a piece of malware is signed with a trusted vendor's signature. Assuming the anti-virus does not yet have a signature for it, will the HIPS automatically put this file among the trusted files and not monitor it any further? Will the sandbox activate on it? How can we defend against it? Obviously we cannot trust the trusted vendors like this, so it is pretty much useless.