Although I do like the management console... As far as I can tell, there is no way to actually remove a threat if detected from it. So if you have your policy set to "show in results list and do not check for removal", you get the notification that an issue was found, however there is no way to actually delete the item unless you go to the system. If this is correct, why is this? Also, in order to report a false positive, you want us to use the /developer flag and rerun the scan to capture the log. Is this correct? If we have the console controlling hundreds of systems, why can't we capture the log and required information from the system that is reporting the false positive instead of having to rerun the scan and send the file? If this is correct as well, it seems like kind of a backwards way of doing it. I would think you would be able to do these items directly from a management console; after all, that is how you would control 100s of clients...