Wow, I can't believe the ~ Snipped as per TOS ~ match this created. As with all things, it comes down to whether you trust it or not. It really is that simple. I personally wouldn't feel comfortable having one running real-time. But I've deployed a measure to auto-scan only new downloads that I find very convenient. I think some of the stuff Fuzz has said was blown out of context though. Relying on measures built into your OS is hardly "primitive". Here on ancient ol' XP, via LUA with folder permissions, and a default deny SRP with proper whitelisting, I have a very functional & secure setup that leaves very little need for 3'rd party software. This is where my approach starts, from the kernel up, so to speak. I consider the approach an oldie, but goodie, I suppose. I'd also have to say I consider HIPS & Sandboxie as whitelisting approaches, not blacklisting, but I suppose it depends on how you deploy it. I personally set everything in D+ to "Ask" to start out. Then allow my known safe apps whatever access they "need" to function properly as the popups come. The first couple weeks on a freshly installed OS can be frustrating... but you'll thank yourself for it later. Now I never hear a peep out of D+, and that's on Safe Mode with no trusted vendor list.