The Sentinel system monitor will give a fair amount of false positives on installer files (they can look like trojan downloaders). To minimize this, it's a good idea to disable the Sentinel system monitor before downloading (do not run/install yet), scan the file with ClamWin or upload to Jotti/Virus Total, then install if okay, activate the system monitor, and then run the file to see if you need to whitelist something. Of course, you should only download from legitimate sites first of all.

You used to have to do something like this with a lot of AVs until they refined their heuristics. I think Andrea will do something about it in a version after 1.16.

Regards,

Good tip about Sentinel heuristics, Bob. Thanks. And I am careful about scanning anything that doesn't come from Softpedia, FileHippo or Major Geeks. For other downloads I use the VTzilla add-on in Firefox 3.6 (doesn't work in K-Meleon, though) to pre-scan files before downloading. https://www.softpedia.com/get/Internet/Internet-Applications-Addons/Mozilla-Extensions/VTzilla.shtml Another must have is the Virus Total Uploader. https://www.softpedia.com/get/System/OS-Enhancements/VirusTotal-Uploader.shtml

Cheers!

Edited for hyperlinks. When did they become live, or did I just need a certain amount of posts?

I don't know about the hyperlinks--seems like they've always been available.

The Virus Total uploader is great if you have to check out a bunch of files. I find Virus Total busy a lot however. I think Jotti may be a bit better. It has a smaller number of AVs and is quicker per scan. I"ve also noticed a couple of times that its Clam signatures are more up-to-date than those on Virus Total. They are both great services, however, and they really help the AV companies by sending them signatures, which is especially helpful to smaller AVs without a large virus lab.

Regards,

Hmm... I've never been more than 3 in queue at VT which is about a 2-5 second wait. But yes, they are both good.

u r right buddy