We don't plan to provide an "Ignore"-type button to WebShield anytime soon... The reason is, if you absolutely feel that you want to download the infected file (or you're 100% sure it's a false positive), you can always pause/stop the provider. But as soon as the protection is ON, there should basically be no WRONG answer in the dialog, because 90% of the users simply don't know what it's all about, and they just click a (more or less random) button just to make the noisy dialog go away...
I agree you have to look out for the average user so they don't come to harm.
However, I doubt whether anyone can be totally confident to state that something is totaly 100% a false positive, especially as they wouldn't have any way of investigating this unless they pause the web shield to allow for download and investigation.
The question remains why would the web shield scan a .zip file (when standard shield doesn't) the contents of which are an .iso file and buried in side a folder is a killcmos.com file, when there is absolutely no way of a one click or auto execution. You would need to unzip the .iso file, burn it on to a CD, run the newly burned CD, open the sub folder and then execute the killcmos.com file (that I'm not sure would work in 32 bit environment, tried a basic test which failed).
Yet with web shield paused to enable it to be download the file doesn't get scanned by Standard Shield set to Normal because it is a zip file (inert). So why the difference between files that web shield would scan Vs files that standard shield scans when the file type .zip is the same. So same degree of threat/risk from what is an inert file.
That is what concerns me more than any the detection of killcmos.com, a 16 bit MSDOS program, inside a folder, inside an .iso file, that is inside a zip file.