> I tested the SANS tool against a properly patched XP system on Friday > and found it to false positive on many of the locations it said it > wouldn't test on. What the FAQ says is that you should ignore the results for certain directories, not that it won't test them. "FAQ Ignore files in directories like Windows\$NtUniinstallKBxxxxx\ and Windows\WinSxS. These are old versions left behind for uninstal purposes."