Honeypots mailing list archives

Honeypot and AntiVirus


From: J Bailes <jbailes () parasys com>
Date: 17 Dec 2003 16:23:13 -0000



Hello,

I recently set up a honeypot using VMware and Windows 2000 Pro as the guest OS/honeypot.  I am logging all packets on 
the host OS (Win XP Pro) using IRIS (plus I have some other tools running on both machines).  I am also using AntiVirus 
software on the host OS.  When I try to decode and view packets in IRIS the AV jumps into action and cleans what it 
reports as malicious code from the packet logs (e.g., last night: W32.Slammer).

So, here are my questions:

1) Can I set my AV to prevent this without risking compromise to my host OS where the analysis will be performed?

2) Can an analysis be performed with mitigated risk of compromise to the machine running the analysis?

Thanks in advance.

J.
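
The practical check behind the second question is whether the capture file the analysis host opens is still the one the capture tool wrote, or whether the on-access scanner has already "cleaned" a packet out of it. The script below is an added example and is not part of the original post or any tool mentioned in it: it records SHA-256 digests for a capture file and for each packet record in it at capture time, and verifies both before analysis so that a modified or quarantined log is reported instead of silently decoded. It assumes the classic libpcap file format (IRIS's own log format is not described in the thread, so this is a stand-in), and the capture bytes are constructed inline for the demonstration; the payloads are arbitrary filler, not a malware sample. It does not stop the AV from acting; it only makes the tampering visible.

```python
"""Integrity manifest for packet-capture files (added example, not from the thread).

Digests the whole capture and every packet record at capture time, then verifies
them before analysis so that antivirus "cleaning" of the log is detected.
Assumes the classic little-endian libpcap format; sample captures are constructed
inline with filler payloads.
"""
import hashlib
import json
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap, microsecond timestamps, little-endian
LINKTYPE_ETHERNET = 1
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def build_pcap(payloads):
    """Construct a minimal libpcap file with one packet record per payload (demo input)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = []
    for i, data in enumerate(payloads):
        # record header: ts_sec, ts_usec, incl_len, orig_len
        records.append(struct.pack("<IIII", 1071678000 + i, 0, len(data), len(data)) + data)
    return header + b"".join(records)


def iter_records(pcap_bytes):
    """Yield (index, record_bytes) for each packet record, header included."""
    if struct.unpack_from("<I", pcap_bytes, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    offset, index = GLOBAL_HEADER_LEN, 0
    while offset < len(pcap_bytes):
        if offset + RECORD_HEADER_LEN > len(pcap_bytes):
            raise ValueError("truncated record header at offset %d" % offset)
        incl_len = struct.unpack_from("<I", pcap_bytes, offset + 8)[0]
        end = offset + RECORD_HEADER_LEN + incl_len
        if end > len(pcap_bytes):
            raise ValueError("truncated record %d" % index)
        yield index, pcap_bytes[offset:end]
        offset, index = end, index + 1


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def make_manifest(pcap_bytes):
    """Digest the whole file and every record; the dict round-trips through JSON."""
    return {"file_sha256": sha256_hex(pcap_bytes),
            "records": [sha256_hex(rec) for _, rec in iter_records(pcap_bytes)]}


def verify(pcap_bytes, manifest):
    """Compare a capture against its manifest and report exactly what changed."""
    report = {"file_ok": sha256_hex(pcap_bytes) == manifest["file_sha256"],
              "changed_records": [], "missing_records": 0}
    try:
        current = [sha256_hex(rec) for _, rec in iter_records(pcap_bytes)]
    except ValueError:          # truncated or no longer a pcap: treat all records as missing
        current = []
    for i, expected in enumerate(manifest["records"]):
        if i >= len(current):
            report["missing_records"] += 1
        elif current[i] != expected:
            report["changed_records"].append(i)
    report["ok"] = (report["file_ok"] and not report["changed_records"]
                    and not report["missing_records"])
    return report


SAMPLE_PAYLOADS = [b"benign-dns-query", b"XXXX" * 100, b"benign-http"]  # constructed filler


def demo_overwrite():
    """Scanner 'cleans' the second packet in place: record 1 is reported as changed."""
    capture = build_pcap(SAMPLE_PAYLOADS)
    manifest = json.loads(json.dumps(make_manifest(capture)))   # as if read back from disk
    cleaned = bytearray(capture)
    # start of record 1's payload: global header + record 0 + record 1's header
    start = GLOBAL_HEADER_LEN + RECORD_HEADER_LEN + len(SAMPLE_PAYLOADS[0]) + RECORD_HEADER_LEN
    cleaned[start:start + 8] = b"\x00" * 8
    return verify(bytes(cleaned), manifest)


def demo_quarantine():
    """Scanner truncates the log to its header: every record is reported missing."""
    capture = build_pcap(SAMPLE_PAYLOADS)
    manifest = make_manifest(capture)
    return verify(capture[:GLOBAL_HEADER_LEN], manifest)


if __name__ == "__main__":
    print(json.dumps({"overwrite": demo_overwrite(), "quarantine": demo_quarantine()}, indent=2))
```

Run make_manifest on the capture host as soon as a log is closed (before the scanner can touch it) and keep the manifest where the scanner has no reason to alter it; run verify on the analysis side before opening the file in the decoder. A mismatch tells you which packets can no longer be trusted as evidence, which is the distinction that matters when the AV is allowed to stay on.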

