The logical extension to this is the addition of firewall and anti-spam in RVS 2011, then the suite will be complete. If part of the point of adding AV to Returnil is to increase the appeal to the mass market, I doubt it is likely to have the desired effect. The average person who uses a suite is not likely to have heard of, let alone be interested in, lightweight virtualisation applications. On the other hand, the kind of people who do use applications such as Returnil will probably already have an AV as part of a layered defence, and are unlikely to want a second one embedded within an application deployed for an entirely different purpose. The anti-execute features within RVS on their own should be enough to prevent the virtual layer from being penetrated. I would have preferred to see further extensions and improvements to the core functionality of Returnil, rather than adding an AV with the consequent drain on resources of maintaining it with up-to-date signatures. This coupled with the fact that, from a preventative point of view, blacklisting is somewhat hit-and-miss when compared with the default deny of an anti-executable. Comodo are going down the same road with the proposed inclusion of Comodo Time Machine in Comodo Internet Security. The difference though is that the design of CIS is modular, and the various components can be installed individually as required. Turning off the AV in RVS 2010 is an option, but will the AV component be unloaded from memory and the RAM it uses released? I suspect not. Please don't take this as a criticism of your post, Blue. I'm merely stating an alternative point of view from a different perspective.