Hi Scott (for others: we're talking about Avira AntiVir) > EGlnl> It's really quite amazing due to the combination of highest > EGlnl> number of updates, fastest update after virus outbreak, and by > EGlnl> far the highest detection of new, unknown malware through > EGlnl> heuristic analysis. I've seen some incredible statistic charts, > EGlnl> but i couldn't find them quickly now. I think they were at the > EGlnl> above site. > > According to the report at > http://www.av-comparatives.org/seiten/ergebnisse/report16.pdf, it has > a high false-positive rate. Yes, but the number of false positives in fact depends on the relevant setting chosen. And it seems false positives were weighted too much in giving the final rating. In real life, most people will not believe their antivirus program if it claims that a program they know and have been using is malware. They will probably be annoyed or perhaps even confused or worried, but they will definitely not usually let the AV remove or quarantine a trusted program they know. And as explained on p. 7, all FPs were reported to the vendors and fixed. The same is true of possible new FPs; some testers and many users will complain about them, and they will be fixed soon. I much prefer getting false positives, which one can easily deal with by clicking "ignore", if the AV program is much better at detecting new malware for which an update does yet exist. AntiVir beat NOD32 81 to 71% in this, and all the other AVs were far or very far below. > ESET NOD32, which is #2 on av-comparatives, and tied on > virus-bulletin, is very interesting: av-comparatives marks it as NO > false positives (the only one marked this way), and fast. It ranks > "Advanced+" on both the on-demand and retrospective tests; the only > other product to do so is Kaspersky, which seems to otherwise be an > average performer. Yes, i've been recommending it to people who can't believe that a free program can be as good or better than a pay version/program. > I'm about to install Comodo here, perhaps we can work out the problem. Thanks, but i'm very busy, so i'll have to wait a while. > I'll also install Avira; I'll see if I can give you an easier way to > disable that message. Easier than right clicking and denying right to execute or installing ProcessGuard? There actually is; just turn off automatic updates and update only manually. (Since users can do this whenever they want to or whenever they need to open an attachment or install a program from a site whose reputability they haven't had time to check, they'll actually be better protected than most because they don't bother to find out how to make AntiVir get new updates every few hours.) If you can find an easier solution than the execution denial, you'll be famous soon. The Internet is full of discussions of this topic. Here are the other methods i collected in the past: block using firewall control panel-> administrative tools-> local security policy->software restriction policies->additional rules->new path rule-> choose the path of avnotify.exe (default is C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe) and the security level (disallowed). Control Panel - administrationtools - local security principles - additional rules + right click and choose new hashrules - browse for and add avnotify.exe (shows as a lot of letters and numbers) and set this rule to "dont allow" -- -------list-services-below----------- Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig> Freelists login at //www.freelists.org/cgi-bin/lsg2.cgi List archives at //www.freelists.org/archives/pchelpers PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig Good advice is like good paint- it only works if applied.