But how did you obtain the sample? Downloaded from web or executed locally after unpacking it from archive? I think that may be a problem because I don't think avast! tracks files this thoroughly to know what arrived from web and what is local. If EXE gets downloaded and is unknown it'll CyberCapture it. If it arrives in a locked archive, you unpack it manually later on and execute the content, CyberCapture won't do anything, despite archive originating from web, because it couldn't do anything with it at the time.
Also, does CyberCapture even work if user decides to only install File System Shield and no Web Shield? One would think CyberCapture depends on Web Shield. Not installing it renders CyberCapture useless even if you have it ticked in the settings. Or does it?