"This is because they have been signed by a trusted certification authority, and AMP has safeguards against potential false positive detections."
This seems like a pretty bad idea. What about things like CCleaner that was packaged with malware last year? Can we blacklist these files that are considered built in exclusions? Is there any plans to allow us to modify or disable this exclusion list?