And not just a heuristic detection either. For some reason, NOD32 detects my IP binding program, ForceBindIP, as "Win32/ForceBindIP". The software is legitimate program that uses an injected DLL to help bind programs to IPs / interfaces when the program itself does not support such a feature. The executable is even digitally signed. The software is available from http://www.r1ch.net/stuff/forcebindip/ I would love to know the reasoning behind this, especially considering the first I hear of this is my users complaining of false positives. I myself am a big fan of NOD32 and have recommended it to several business users due to its very low false positive rate, but this incident has left me with a lot of questions. I looked at the Virustotal results for my program with great dismay at the number of anti virus vendors that generate false positives. I almost wonder if this detection was added solely based on the fact that other AV vendors have ridiculously high false positive rates. I did submit to samples@eset (twice now I believe), but I received no response. What's my next step to get this fixed?