Thanks for the quick reply.
When scanning, is there a way to put a *copy* of the file into the chest and then submit that? I don't want to lose access to the PUP until whenever the sig database gets updated and I get a copy. There is a "Move to Chest" option in the scan window but there is no "Copy to Chest" option. Once I move the PUP into the Chest then *I* can't use it anymore. My guess is that I have to move the PUP into the Chest and then extract a copy out of the Chest.
By the way, getting to the Chest is rather convoluted. There's no context [sub]menu item when right-clicking on the tray icon to get at the Chest. I have to start the AV program and then click the Chest icon (or use File -> Chest menu if the option to use skins for the Simple UI is enabled). Do I really need to run the AV program when I merely want to investigate and manage the Chest?
One of the PUPs is a NirSoft utility. This has been a false positive in many AV programs for a very long time, which evidences the resistance of AV vendors to skip some NirSoft tools. I realize the history of NirSoft (as hackers who wrote some tools) but those tools are handy to us users, too. They don't install unless the user chooses, they don't load on startup unless the user chooses, and they behave as expected by the user. While this file could be submitted for analysis and then whitelisted in the database, the same process repeats if the tool gets updated, so there are long delays before PUPs get included in the database, which is why an exclude option is often provided. Based on past posts in these forums, I'm pretty sure you've had the NirSoft utilities for analysis for quite some time.
The other false positives were for .vmdk files for VMs in VMware Server. These contain base OS installs with OS updates but no other software is installed (Windows XP SP-2, Solaris 10, Fedora 7). There would be no point in submitting these files because no one else would have the same files. When they build their VM, they may select different install options, like to include games. When they create their own accounts using their own names and configure their desktop shortcuts, then their user profile is unique to them. That means the VM files will not be the same from user to user. These files are huge at 1GB to 16GB so they are too large to submit, plus if I tweak anything, like installing something like 7-Zip or reorganizing the Start menu, then the VM files change. Obviously I'd like to exclude these huge files because I know they don't have viruses (and even if they did then they are isolated inside the VM) plus it would reduce scan time - but, as pointed out, a path and filename does not uniquely identify a specific file.
For now, I will have to exclude these false positives based merely on their paths and filenames. Unfortunately, any malware that slides in under the same path and filename also gets excluded from the scan.
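The gap described in the post above (a path-and-filename exclusion also covers whatever later lands at that path) can be closed by pinning each exclusion to the file's content hash. The following is an added example, not part of the original post and not a feature of the AV product discussed; the function names `pin`, `should_skip` and `demo` are hypothetical, and the sample file contents are constructed.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB blocks so multi-GB images never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def pin(path):
    """Record what is being trusted: the path plus its size and SHA-256."""
    return {"path": os.path.abspath(path),
            "size": os.stat(path).st_size,
            "sha256": sha256_file(path)}

def should_skip(entry, path):
    """Honor the exclusion only if the file is still the one that was pinned."""
    if os.path.abspath(path) != entry["path"]:
        return False, "not excluded"
    if os.stat(path).st_size != entry["size"]:
        return False, "size changed"      # cheap check before the full read
    if sha256_file(path) != entry["sha256"]:
        return False, "content changed"   # same name, different bytes
    return True, "matches pinned hash"

def demo():
    """Constructed sample: pin a file, then overwrite it with same-size data."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "tool.exe")
        with open(tool, "wb") as f:
            f.write(b"constructed sample: trusted utility v1")
        entry = pin(tool)
        before = should_skip(entry, tool)
        with open(tool, "wb") as f:
            f.write(b"constructed sample: replaced contents!")
        after = should_skip(entry, tool)
        return before, after

if __name__ == "__main__":
    print(demo())
```

Hashing still reads the whole file, and a VM disk image changes whenever the guest is used, so a pinned entry for a .vmdk has to be refreshed after each trusted change.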