ok, I've set up the rule, with 'block' and 'quarantine' as the actions.... downloaded the 'adware fake optimizer' into the 'malware' folder, and run the fake optimizer program... which alerts UAC and proceeds with its 'select a language' installer... at what point should Comodo have jumped on it and blocked/quarantined the program?