June 28th, 2008, 11:21 AM
Kees1958
Re: For DefenseWall or GeSWall owners thinking of going naked

After a few days of testing, I have changed most of my Active Defense settings (except behavior blocking, kept at the low setting), and also de-installed script and email scanning.

See pics. The program startup control kicks in when not started from the quick launch or Explorer, so its ruleset is quite clever. Protecting your browser from illegal startup will cause some leak tests to fail. Note that application access control for Explorer is: allowed to start others, ask for global hook setting, ask for driver loading and ask for kernel data modification. Note that application protection is used to protect all critical XP processes (Vista users may be different), application launch to guard against suspicious starts of your browser/e-mail.

FYI, see my settings (I do not protect IE or its directories from tampering, because DefenseWall already handles it as an untrusted resource).

As a standalone HIPS it is smart, easy to use and very effective. Consider it a configurable DSA with a smarter execution control (not as classical HIPS do in an execute parent-child scheme, but with separate protection rules on origin = application access control, malicious behavior AND target = Application startup, Application protection and System Reinforcement), and a bit of Norman Sandbox + ThreatFire combined in its Malicious behavior blocker. In short, compared to classical HIPS it is much more user friendly/quiet and covers nearly the same protection. Compared to an intelligent behavior blocker it puts less strain on system resources (malicious behaviour is more like an advanced implementation of active heuristics).

Pleased until now, so running without classical AV, while using the HIPS of an advanced AV!
Last edited by Kees1958 : June 28th, 2008 at 11:48 AM.