In my full history log of NIS 2011, latest build, windows 7  x64 home premium sp1, there are three consecutive entries: 06:17 firewall configurations updated, 06:47 idle quick scans results and 07:17 liveupdate session.

There are two executable files in my downloads folder with timestamps of 06:47(small) and 06:48(large) that I did not initiate any action to acquire nor explicitly given permission to download.  There was an iso image being downloaded prior to this time and completed 20 minutes later.  Once I had initiated this iso download, I had not engaged the PC until the download was done.

My previous logged download was NIS2011 latest build (just in case) two days ago.

I ran full scan mbam and NIS with clean results.  Prior iterations of the first file had triggered quarantine as an intended download.  The second file's iterations were no longer troublesome once the download site was "whitelisted"; although, this particular file does not match the current version being offered for download.  I am in a dialogue with the publisher now.

So, how and why did these two files get through without a peep or a yawn?