CyberArk Labs encountered a strange behavior in the file scanning process of Windows Defender. This problem may possibly exist in other anti-viruses, which we have not yet tested. The techniques presented in this blog allow any known malware to bypass Windows Defender and possibly other antiviruses. In order to examine our attempts to fool the antivirus, we wrote a simple filter driver that enables us to inspect the file that was actually served to the target machine. We are going to achieve this goal by implementing our own SMB server.
Source: https://www.cyberark.com/resources/threat-research-blog/illusion-gap-antivirus-bypass-part-1

