It is an intentional detection (VNC - remote admin). It's marked as [Tool] - ie. potentially dangerous application...
However, given the feedback we've got from this, we've decided to remove the detection for now.
Hopefully, the headaches were not TOO hard - I mean, I hope you don't have VNC installed on a large number of machines...
I apologize for this trouble. Seems that before we can add these remote admin tools into the database, we'll have to provide you with a way to ignore them.