Thanks guys I appreciate the help. Let me try to explain more. All my maint programs including AV sig updates and AV scans run from a logon script. The script is crafted so each program runs sequentially with no execution overlap.
Most maint programs are scheduled for Saturday at startup. AV sigs are checked for daily. The AV scan runs each Sunday. The actual .exe update took place Sat when the sigs were also updated. When the scan ran Sunday, the Sygate window popped-up and specifically mentioned the changes to the avscan.exe file which is the AV scanner program.
I didn't check the task manager list, but considering a scan program would use lots of I/O, the Sygate program should have no problem grabbing an interrupt.
The system is a Dell Inspiron 5150 Laptop 2.4 GHz, 512MB Ram, 40GB disk, XP SP2 fully updated and reasonably protected. Haven't actually found a virus, trojan, or other malware in over 14 months.
Maybe I'm concerned about nothing, but that 15 minute lag and the non-suspension of the job in question seems out of character for a firewall.
8-)