I find it odd that all these AVs are vulnerable to this type of attack and that no one has mentioned it before. You would think the AV companies know this and why haven't they fixed it?
There are many scenarios predicted and blocked, there are many that are reactively patched and many to be discovered yet.
When it comes to attacks with scripting involved, it’s a bit iffy as it may look like admin/user wants to execute the actions.
There is a very thin line between blocking attacks, and blocking basic OS functionality and filling up your forums with annoyed users.
The Norton WS.Reputation.1 (initially Reser.Reputation.1) is a very good example of how a great idea, in this case blocking unknown executables, can piss a lot of users off and may have to be “dulled” later on — at the expense of security.
In cybersecurity there is always something to be learned.