I just installed RegDefend and AppDefend a few days ago (Win2K SP4). Of course I noticed on first startup several alert popups. As I am not very familiar with all the system applications and registry things I gave permission to most of them ("Allow always"), despite of the possibility of giving allowance to probably bad or "infected" applications. For clarity I would like to know: Are the standard rulesets changed by this immediately? If so, I would suggest that it would be more convenient that RegDefend and AppDefend are starting in disabeled mode the first time, so that one can copy the standard rulesets for safety. Now I found GSS working very smothly and I like it very much. It works for me even in a non-administrator account (Power User). With GhostWall installed I experienced today that RegDefend blocked GhostWall to set value to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run when I logoff from power user account and login as Administrator (not vice versa). Because I was worried about this I created an application rule in RegDefend as described here http://www.wilderssecurity.com/showthread.php?t=104811 , and this works fine. But I am still wondering why there was no alert popup from Regdefend asking me for allow this set value by ghostwall.exe, because the Autostart rules (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run**) were concerned in this case. ("Ask user" is checked there.) Worked RegDefend correct here?