Static analysis... - scanning the file...isn't it the same as enabling from FS code emulation and scan on execute
The file prevalence\reputation - fire rep service is disabled...I don't need this,I know what I'm downloading.
The file origin/sorce is susspicion - well is it susspicions to run it from program files or the windows folder(run it from where the program is installed)
The file is executed from remote/removavle media - everything is from my hdd and I don't run any progams from USB
Generic heuristic/suspicios content - FS and custom scan have those set to High and they don't say anything
Even File System Shield does not show any alert, there could be some detections inside, just not reached to minimum alert level.
Once alert level reaches to "Sandbox" level applications will be sandboxed, but level does not reaches to "Detection" level no File System Shiled alert appears.
(High alert level)
Malicious (alert appears, moved to chest etc.)
---(maximum heuristics level)
Suspicious (get sandboxed, no alert)
---
Innocent (no sandbox, no alert)
(Low alert level)