Trojansimulator automatically added to trusted files

I wanted to test the abilities of the new CIS, and I was surprised that the trojan simulator file (trojansimulator.exe) was added to trusted files even though the antivirus part marked it as malware. I clicked Ignore-Once three times to stop the antivirus warning, then checked trusted files, and it is there. The antivirus knows it is malware and it automatically goes to trusted files, very bad.

Isn’t it just doing what you ask? You trust it in spite of three warnings.

No, it also adds the other file, TSserv.exe, which gives no antivirus warning (probably a safe service file). Ignoring is not the same as placing in trusted files. I ignored Eicar files many times and they are still not in trusted files.

P.S. Eicar got to trusted files only after I ran it, it tried to run in the sandbox, and I turned off sandboxing of eicar.exe. Trojansimulator didn't even try to run in the sandbox; it was launched and automatically added to trusted files. I think files marked as malware by the antivirus, even if you do a Lookup check, should not be allowed to do this automatically. I guess there is some problem with the cloud or something, maybe people marked it as safe, but eicar.exe doesn't have this problem and is much better known to be a safe file in reality.

Hmm, even worse situation now. After repeating this experiment several times I actually GOT sandboxing and everything as it should be. But the previous several attempts just added the file to trusted files without sandboxing. Apparently CIS is not consistent in what it does. Sometimes unknown files are sandboxed and sometimes not :(


I too had mentioned this earlier. I don't understand this behaviour of CIS. Maybe CIS is not consistent with its functions or there is a flaw in CIS.

Trojansimulator is detected by CAV, but sometimes tsserv.exe is detected & trojansimulator.exe is in the trusted files. I don't know how & why???