For several months now, version after version I have been wondering why my Defence+ is not working. It is not reating to malware files I have downloaded for testing. Instead it adds them to trusted files.
Today I finally noticed that removing the tick from sandbox settings to try to detect installers and updater made a big difference. Now every malwarefile I trowed to it made D+ to sandbox and limit the file. And in several cases also the cloud av-scanner reacted.
I have no idea why D+ detects those files as installers/updaters. It could be some otger process running that is confusing it. But I cant’t tell what it would be. Killswitch was not fooled and it always detected the malware (or as unknown).
But anyway I am pleased now when I got D+ working again.
That is the funny part, these incidents don’t show in D+ events, I think because they are treated as safe, and safe actions does not trigger D+. So no use posting them.
I don’t think installin has anything to do with it. i have had this (I think) from first version of 5.9 (maybe even 5.8). And I have reinstalled CIS several times after that and installed newer versions etc. But the problem remain. Now without that option selected my system works as it should.
I am quite certain it is some kind of bug.