As I was also interested in how VS would handle things I went into the Magniber annex of my Zoo and plucked out 20 samples (some validly signed, some signed with the certificate revoked, some regular riff-raff and a few slightly modded). Of these 20 VS immediately (kinds-sorta immediately as for a few it took some extra seconds to "think") detected 15 as malware; the remaining 5 resulted in a couldn't identify popup (which had to be over-ridden in order to execute, which is not an optimal decision to make)). I then rebooted the system and ran those 5 again- this time they were recognized as malware with identical alerts to the pre-boot 15..
Anyway, that Malware item that I noted earlier for DefenderUI Pro (valid signature but no counter) resulted in this:
[ATTACH=full]268304[/ATTACH]
And as a change of pace I tried out a Strrat signed by Microsoft (Countersigned but revoked a bit ago):
[ATTACH=full]268306[/ATTACH]
But in short, VS protects as should be expected.
M
