I was wondering what if along with infected file CIS also searched and deleted any entries from registry that matches the file name, or name + path (Maybe after asking the user?)? Would that be dangerous to the system?
CIS also scans for infected registry keys.
It think it doesn’t operate the way you describe it, it detects them based on definitions.
If CIS worked the way you described it would be likely that, eventually, something that should be erased, would get erased. Specially if the virus name was something rather generic.
Ofc that could be some limitations to what CIS could delete, for example if CIS only looked up for the virus name in the startup entries then I guess it would be pretty safe. Even more if a restore point was created, or some other form of backup.
But I guess that the safest way would always be to have malicious registry keys in the definitions.