I just installed NOD32 v4 on a network that has two servers and 30 workstations. We are using MS SBS 2003, when our backups run (using the SBS backup utility backing up to external USB drives) NOD32 finds some phishing related files when backing up the Exchange Mailboxes. At this point all network traffic is shut down on the server until I click through the dialog boxes asking if I want to clean or delete the files. After I do that then network traffic starts working again. Under the Options for Real-Time file System protection I have the cleaning level set to Strict Cleaning hoping that this would cause the server to automatically deal with the issue and not prompt for input, but this isn't helping any. My users that like to come in early or work on the weekend are getting a little angry because their workstations can't communicate with the server until I click through these messages on the server console. In RAC when I look at the Threat Log the entries look like this. Name Threat Action Information \Device\HarddiskVolumeShadowCopy76\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive\ARCH_20080205110105027519350.EML HTML/Phishing.gen trojan error while cleaning Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\ntbackup.exe. My concern is that I don't want the server shutting off network traffic when it finds something. I can see where that would be nice on a workstation, but I really don't want the server behaving this way. Is there a way to change the default behavior or turn off one of the features that would keep this from happening? Any help would be appreciated.