In the videos posted here, the first scan appears to have send unknown files to the cloud. Then the second scan detected these previously unknown files when a scan was repeated only moments later. It is inefficient to require the user to conduct a whole second scan to detect files that were submitted to the cloud.
Perhaps CIS should keep an internal list of unknown files that were sent to the cloud during a manual or scheduled scan. When the cloud has returned a verdict for all those files*, it should automatically pop-up the “scan results” window stating “During your previous antivirus scan, unknown files were submitted to the cloud. Of those submitted files, the following files were found to be malicious.” Then, the files can be cleaned/quarantined. This would allow the user to eliminate all known malicious files (based on the current signatures file and on the cloud signatures) with only one scan*.
Also posted here
*Perhaps CIS could automatically rescan only the “unknown” files that were submitted to the cloud (say every 60 minutes) until a verdict is delivered for all the files.