Hi list After looking through some old sys admin emails I came across a mention of this tool and decided to have a look at what it could do. Both malwarebytes and bleeping computer had download links so decided to download the 32 bit version from the latter. I mostly use my Lenovo thinkpad, but thought I would give the tool a try on an old Asus laptop which I recently upgraded to windows 10. The downloaded file was called FRST.exe. Was just about to rename the file when windows defender popped up with an alert that the file was infected with a ransom ware trojan. Namely. Win32/Bomitag.D!ml. Obviously i immediately removed the threat, but am not sure if this was a false positive as the tool is supposed to recognise ransomware so I am wondering if it contained signatures of ransomware which windows defender may have mistakenly identified. The Asus laptop has nothing on it as it was a clean install of windows 10, however I was using my Lenovo thinkpad when I downloaded this alleged infected file and it has access to my i cloud drive and WD my cloud NAS. Thanks to windows Defender I did not execute the tool or god knows what it might have encrypted. Have googled to see if there are any reports of this tool being infected, but could find nothing, which makes me wonder if it was a real trojan or a false positive. Has anyone else encountered this kind of behaviour from windows defender? This is the first time I have ever encountered ransomware or indeed any kind of trojan for many many years. Thanks Darren. Any sufficiently advanced technology is indistinguishable from magic.