A short while ago I returned to my laptop to find a reboot request from NOD32 in order to clean a file. A check of quarantine found 2 copies of engine.dll quarantined two hours apart. This maybe because Outpost Firewall protects itself against deletion attempts for obvious reasons. Here is the scanner log entry: 09/07/2009 13:03:59 Startup scanner file C:\Program Files\Agnitum\Outpost Firewall\engine.dll probably a variant of Win32/Genetik trojan cleaned by deleting (after the next restart) - quarantined There is no log entry for the an identical quarantine two hours previous. I also do not understand the "Startup scanner" reference unless it really means 'signature database update scanner' as the signature files were updated at 11:05 and 13:05 . I have a) sent one of the quarantined files to Eset for analysis and b) generated a seperate support request. However, the latter quotes allowing 1 business day for a response. Any suggestions for further action most welcome given the likleyhood that it is a false positive. I am of course holding of any reboot for the moment. Outpost may prevent any deletion and even if it doesn't I can restore from quarantine or backup but I'd rather do something proactive to stop it happening in the first place. *Update* 1. I have an older machine running same versions of NOD32 and Outpost Firewall (engine.dll superfically identical i.e. same file size). Wondered why no NOD32 requests to reboot from that machine and discovered I had the Firewall directory in NOD32's exclusion list! 2. I have searched Eset's "Virus signature database updates" and "Threat Encyclopedia" on their site for "Win32/Genetik". It's not documented on either of those resources!