Just to be clear - I know the file is questionable/infected - I have it in my library of files for testing various security packages... I know the executable is detected by some of the engines on VirusTotal (mostly heuristic it seems and by the "smaller" engines such as Cat-Quickheal, Comodo, Esafe, Ikarus, etc - not Avira, Kaspersky, AVG, Symantec, etc). And yes, uploading the restored version shows it to be clean by all but SAS so quarantining it must clean it up. Oddly enough SAS didn't detect it on the first upload when it was a fresh "live infected" executable, only after it was restored from quarantine (as a Rogue.Agent/Gen-Nullo[EXE]). In resending the "live" copy of the executable to Virustotal, I was able to duplicate the "...a malicious process has been blocked from executing." message I've received before. The question at hand is I'm uploading a file for scanning - so why is MBAM stating a process is starting? The process/executable is not being started...unless I'm unaware of some method of it running triggered during an upload to Virustotal. In which case, those folks trying to upload a file to make sure it's clean would be infected before they even get the Virustotal results (assuming they weren't using MBAM or a similar product). So again question 1 - why is MBAM showing a process is attempting to run when all I'm doing is uploading to Virustotal? And question 2 - what is the ignore option - ignore the warning and let the process run? I really want to block a potentially malicious process, but don't want to quarantine the file immediately. Thanks in advance for answers on these two questions!