Is this really a false positive?
I mean, the malware name we used was "Win32:Hidewindows-C [Tool]", and the web page of the product says: "Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more."
So, it sounds to me that this was actually an intentional detection (even though questionable).
Thanks
Vlk