Folks, I think that the tree is stopping you to view the forest. Discard engines known to generate many FP and known to flag any runtime packed executable (Fortinet, Panda, eSafe, Sophos, CAT-QuickHeal). Discard little known/new engines (Ikarus, Sunbelt, UNA). Now read the statistics again: -Antivir. -BitDefender. -PrevX. -Kaspersky, NOD 32. -VBA32. -Dr. Web. -Norman. -McAfee. -AVG, Avast. Doesn´t that have a certain sense? Now, my doubts: -why is NOD 32 behind BD and in the same level as Kaspersky? It is in the level of Antivir. -why is Norman behind VBA32 and Dr. Web? I think that it is between both. -why Kaspersky scores so high? They are quick at adding signatures but they heuristics are not so good. -where is F-Prot?