Hi All We have always had the HTTP filter module enabled on NOD as good last line of defence in case the firewall & then the proxy server does not block bad sites. Here is a typical alert we get: Code: 18/01/2012 11:25:45 - Module HTTP filter - Threat Alert triggered on computer COMPUTER-NAME: http://http-sy.ru/PAGEREMOVED.php?id=SESSIONIDREMOVED contains JS/Kryptik.GA trojan. Another site with false/positive results Code: 17/01/2012 11:46:11 - Module HTTP filter - Threat Alert triggered on computer COMPUTER-NAME: http://www.trappednerve.org/ contains HTML/ScrInject.B.Gen virus. VirusTotal.com reports these sites as clean.... Its begining to seem the HTTP filter is reporting clean sites as infected and wonder if ESET are aware of this and what has been done or need to be done to resolved. This becomes a problem if one site is reported to be infected by ESET and several hundred users are trying to get to the site.