I do have to say that on every product with "Heuristics" I've found it necessary to switch it off in order to prevent unnecessary false positives. "Unnecessary" false positives are when a virus-killer attacks a file which is still identical to the original on the CD, like my Lotus install.
I do expect that from time to time a definition will be... overly enthusiastic?... but it doesn't matter if the suspect file could potentially have been compromised, for example a download, or an automatic upgrade. Often these are very reasonable, but the file contains some iffy DNA.
But yes, a programmable time limit on exclusions is a good idea. Note "programmable". I still do not dare let Avast anywhere near my hosts file, or its backups. I dunno what it's looking at in there, unless it disapproves of the URL strings...
Gordon.
