Alan, I believe you are right about exclusions and the rootkit scan.
I don't believe the detection is by the rootkit scan but by the standard shield scan, as is indicated by the image of the alert posted in reply #2. Although the malware name is rootkit-gen, I don't think it was the rootkit scanner, so the exclusions should still work.
Unless, of course, the rootkit scan alert screen has been changed to conform to the regular alert screens.
For that we would need some input from the Alwil team.