1. Is RegDefend supposed to give the user control over cloaked registry entries or is it necessary that you disallow the rootkit's autostart entry prior to the installation of the rootkit? A quick test seems to indicate that HackerDefender's autostart entries can only be monitored during the installation process (but not thereafter). Shouldn't it be possible for a kernel-based solution to bypass a rootkit's "cloak of invisibility"? This would be good because a user may not know whether it is necessary to allow or disallow an autostart entry (or the start/installation of a service). If you are too careful and disallow each and everything the installation process may stop and potentially legitimate software will not be installed. 2. Can I only block unwanted autostart entries or can I also remove them with the help of RegDefend? The latter would be good in conjunction with 1.