I understand why many anti-virus programs trigger on the Nirsoft utilities that *I* chose to install on my host. At least, even with Virus Guard, I can whitelist those files by adding them to the Exclude list. That seems to happen with every AV product. However, Virus Guard was also false alerting on update files for Avast. I'd get an update for avast which puts its file in the %temp% folder before extraction and Virus Guard would alert on it. Well, I suppose it does have the malware signatures in it on which Virus Guard would alert. Alas, I cannot whitelist these temp files because they'll have a differently randomly generated numbered filename for each update. The last example of a false alert on Avast was: Date: 12/29/2010 10:45:14 PM Malware Type: Security risk Malware Id: W32/Heuristic-COC!Eldorado Detection Accuracy: Heuristically identified Location: \DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP\_AVAST5_\UNP55841812.TMP First accessed by: \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\AVASTSVC.EXE Detected by: Real-time Scan in Standard Mode on 12/29/2010 10:45:09 PM started at 12/29/2010 10:22:11 PM Quarantine Status: Not quarantined. Restore Analysis: Done. Restore File: N/A Since I really don't need two AV programs attempting to provide the same basic coverage (and because Avast has more features), I disable Virus Guard in RSS. Presumably Avast will still be active in the virtualized state (although anything it quarantines or any action committed by it, like deleting a file, will probably get lost on a reboot). While Virus Guard may have won a VB100 award, many low-coverage performers happen to make that list. Plus VB lets failed products to get updated by their vendors to retry passing the VB testing (I forget how many retries they get but I think it's 3), so rather than a fair test the failed vendors get a chance to cover their butts. I've stopped relying on VB100 awards a long time ago. AV products with low coverage (anythin below 90%) can still get the VB100 award. I'd rather trust a site like av-comparatives.org but even their testing is limited. Virus Guard isn't even mentioned at that site which could be the vendor requesting their product not get tested (which is how Comodo kept their poor AV program from inclusion and also by keeping it in "beta" status for somewhere around 3 years), ask the results not be published, or their coverage is too low to include in the report with the other top performers. I don't see the point of duplicating AV programs on my host especially since they may conflict with each other, duplicate some of their detection abilities, and can false alert on each other during updates. So I'll go with Avast and disable RSS' Virus Guard. Hopefully there aren't other functions of Virus Guard that would be lost that aren't specifically the realm of AV programs but some additional protection offered by Virus Guard.