>This is interesting. So let's say we are going to update our client using ISVFPLE, but a virus has modified the exe on the client's machine. Our update will not overwrite the infected file?

The difference is that EXE files contain (or at least can contain) version information but MSM files do not. In the case of an MSM file, the date/timestamp is the only thing Installer can use to determine if a file should be overwritten. That's why the potential problem exists with the VFP7 SP1 install if Orca has changed the date/timestamp on the VFP7 MSM files so it's later than 1/4/2002.

I believe that in the case of an EXE, Installer looks at the version information of the existing file to determine if it should be overwritten. This is why you have to update the version number when you're distributing an updated EXE via ISE. My guess is that a virus-corrupted EXE would still be replaced, regardless of its date/timestamp, unless the version info had somehow also gotten corrupted by the virus and indicated a version newer than your update.