1. What actually happened or you saw:
An Unrecognized file is downloaded and executed. CIS applies Unrecognized rules in containing the file and the file is rated as Unrecognized in the local File List.
Alternatively, a Trusted file is downloaded and executed. CIS applies Trusted rules and allows the file to execute and the file is rated as Trusted in the local File List.
At a later time, the same Unrecognized or Trusted file is re-executed - but - by this time Comodo has reclassified the files as Malicious; the file is detected as Malicious either via signature or Cloud query. However, the file is still rated as Unrecognized or Trusted in the local File List.
2. What you wanted to happen or see:
When the file is detected as Malicious - the file rating in the local File List should be updated - automatically changed from Unrecognized or Trusted to Malicious. (Currently, the user has to manually change the rating in the File List).
3. Why you think it is desirable:
Not automatically changing a file to Malicious - that was previously Unrecognized or especially Trusted - within the File List upon detection could potentially cause re-infection under specific conditions.
For example, if the Malicious verdict is in the Cloud - and a signature has not yet been created and is not in the local signature database - and the system cannot connect to the internet - a Trusted (but now Malicious) file will be allowed to run instead of detected and blocked - if somehow re-introduced to the system - for example, by USB.
Re- or continued infection risks additional, preventable data theft.
The probability is low that such a scenario would happen - but it is nevertheless a security hole…
4. Any other information:
None.