I don’t remember having seen any bug reported in the “standard format” resulting in a fix (just as I don’t remember any suggestion in the wishlist, some of them being very pertinent, being adopted).
The only time I took a lot of time to report a bug in the said format, I was told a few days later that my issue was true enough, but orphaned (i.e. not concerning a large enough number of users), and thus would not be corrected.
As for what we are concerned with, I am afraid that it is not a bug, but some kind of “hidden feature”.
I made an experiment leading to the same result:
-Delete all of the trusted editors list, disable the sandbox, choose not to trust any editor and customize your firewall and Defense+ to ask for everything (the latter set in paranoid mode, monitoring everything, customizing every application including Windows).
-Now run a bat file launching the MS standard shutdown.exe for XP: once you have allowed explorer to launch cmd.exe and ntvdm, you are not warned of anything, meaning that MS is trusted although you only decided to allow any application (including system) on a per-case basis.
-Let’s now download a third-party shutdown.exe (not malware, e.g. Andrej Bujda, Didier Cassereau, NT Resource Kit…), and replace the genuine one in the same location: now, you are warned although the executable has the same name (or you rename it when it does not) and location.
Similar experiments have been made by another user using various sysinternals (formerly ms) executables.
A contrario, any remote control executable you use (not only various VNC flavors but also e.g. radmin) is not, like MS and Sysinternals, “hidden whitelisted”, but “hidden blacklisted”, and there’s, as I have shown, nothing to do about it on the user’s side, independently of the user’s platform.
There’s indeed no need to write a bug report, whether the format is said to be acceptable or not, because this behavior is universally reproducible and seems to rely only on something hardcoded in the comodo executables.
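The experiment above turns on what distinguishes the genuine shutdown.exe from a same-named replacement in the same location. The following PowerShell snippet is an added example, not part of the forum post and not Comodo's code: it compares the properties a content-based trust decision could key on (SHA-256 hash, Authenticode signer) next to the properties a name-based one would see (file name, the editable CompanyName version string). Whether Comodo actually uses the signature, a hash list or something else is not established by the post and is not claimed here; the paths are placeholders, and PowerShell 4.0 or later is assumed for Get-FileHash.

```powershell
# Added example (not from the forum post): compare the trust-relevant properties of two
# executables that share a name and location, e.g. the genuine shutdown.exe and a
# third-party replacement kept aside in a temporary folder.
# Assumptions: Windows host, PowerShell 4.0+ (Get-FileHash); paths are placeholders.

function Get-BinaryTrustInfo {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = Get-FileHash -Path $Path -Algorithm SHA256

    [pscustomobject]@{
        Path        = $Path
        FileName    = (Split-Path -Leaf $Path)
        SHA256      = $hash.Hash
        SigStatus   = $sig.Status        # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        # VersionInfo strings live in the PE resource section and are trivially editable,
        # so a matching CompanyName proves nothing about who built the file.
        CompanyName = (Get-Item $Path).VersionInfo.CompanyName
    }
}

# Placeholder paths: the genuine binary and a copy of the third-party replacement.
$genuine     = 'C:\Windows\System32\shutdown.exe'
$replacement = 'C:\Temp\third-party-shutdown.exe'

$a = Get-BinaryTrustInfo -Path $genuine
$b = Get-BinaryTrustInfo -Path $replacement
$a, $b | Format-List

# Same file name, different content: a name-based rule would treat both files alike,
# while a hash- or signature-based rule has to treat them differently.
if ($a.FileName -eq $b.FileName) { 'Names match: a name-based allowlist could not tell them apart.' }
if ($a.SHA256   -ne $b.SHA256)   { 'Hashes differ: a hash-based allowlist would alert on the replacement.' }
if ($a.Signer   -ne $b.Signer)   { 'Signers differ: a signature-based allowlist would alert on the replacement.' }
```

One caveat when reading the output: many Microsoft system binaries are signed through a security catalog rather than an embedded Authenticode signature, so on older Windows and PowerShell versions the genuine file may report `NotSigned` even though it is a trusted Microsoft file; recent PowerShell releases consult the catalogs and report `Valid`.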