Hi All When a virus infects a machine/client, there is a common scenario that antivirus products like SAV or SEP detect - one file, again and again. For such situations, we need to check the source of the detected file. Afterwhich, we need to open the file monitor, allow it to track all the files "read-and-write." This will let us identify the suspicious process. wish this tool can help. Ivan