OK, I read through the .pdf's of the tests Scoobs found - thanks again. I'm only going to discuss the most recent one, as it uses live malware and is from this year. http://www.trusteer.com/sites/default/files/Mandiant.pdf I found very careful wording used to describe what Rapport actually did, in fact there is a numbered footnote to explain specifically what the testing company is reporting on. I'd quote it here, but the .pdf is marked "confidential and proprietary" so I guess that means you'll have to read it yourself. Please see page 9, read the paragraph under the table and also footnote 5. What I gathered from this is that Rapport prevented all 25 malware samples from communicating, terminated their malicious processes and prevented them from reloading at startup. It also notified the user OR logged the event MOST of the time (!) and Rapport itself was not disabled by any sample tested. Here's the problem for me: I didn't see anywhere that Rapport removed the malware, nor does it appear that Rapport was tested for prevention of initial infection. Rapport claims to do both in its marketing materials. So, I'm left wondering...is my antivirus or antimalware expected to handle detection and removal in some or most cases? Can it do so properly if Rapport has blocked the malicious software? How do I know, especially if Rapport doesn't log or alert every time it takes action? Please read it for yourself and decide.