I have to post this thread on syssafety forums but I am also posting it here, just for the sake of discussion. I want to have ur opinions about this.I know many of SSM users are here and also those who are using other HIPS. I have a concern about dll alerts from SSM. 1- Say a process A injects a dll into process B. The pop up alert from SSM in this case, does indicate dll injection by process A but it does not tell the name of process into which the dll is injected( Process B). While other HIPS like ProSecurity, ZoneAlarm Pro( and probably Kaspersky,s proactive modules) give clealy the name of the process into which the dll is being injected. See the Pics here.