@ticklemefeet Maybe they had a sample another vendor hadn't encountered yet, it happens all the time. How prevalent is the sample in the wild? Where does the sample originate from? How many people have been affected by the sample? What was the detection for the sample? etc. All valid factors.
No need for me to down-talk them about the detection, unless it was a false positive then good on them. But in reality it doesn't really make a difference, they don't come close to the technology mainstream vendors have.
You can trust them and try it out if you want but personally I'd recommend against it, that's my personal opinion though. My opinion is based on the fact that I don't think they look particularly professional nor trust-worthy, it's a natural instinct. It doesn't mean they aren't trust-worthy or professional factually.
You can test your VirusTotal theory by finding a new zero-day sample and uploading it to VirusTotal. If they flag it and the detection name is not narrowed down to a specific threat, then re-test with some completely different zero-days which come from a different background. If the result is the same then it means your theory is likely correct. However I've been on VT the past few days and didn't find CMC flagging anything.
Remember that the engine on VT is not necessarily the one incorporated into the end-user products though. The VT engine may be more/less aggressive than the engine in the end-user consumer products.