On my host in Task Scheduler, are scheduled events for AV scan (Avast free), disk cleanup (CCleaner and Windows cleanup wizard), stop/start magicJack (VOIP) to turn off phone calls and mute/unmute the system audio so I'm not disturbed at night while sleeping, and defrag (Auslogics). While the disk cleanup isn't needed when in virtualized mode with Returnil (because such cleanup gets done on the reboot), the impact on the host for such cleanup is minimal. I still want the VOIP (phone) disabled and the system audio muted while I'm sleeping so those are okay to run while virtualized. However, there's no point in running a defrag on the OS partition that being virtualized. Any defrag that's done while virtualized will get discarded on a reboot to wipe those disk changes. There's no point in running an anti-virus scan since any malware (that was quiescent and only found through a scan) that showed up while in virtualized mode will be gone on the reboot. So it is a waste of time, resources, impact on responsiveness of the host, and wear on the disk to do a defrag and AV scan while virtualized. The defrag (Auslogics) likely uses the safe defrag API included in Windows. So it might be possible to disable or block a defrag by intercepting the system call to that API. That is, when a defrag program makes a call to the defrag API, it gets an error and the defrag never starts. That's something akin someone ringing the doorbell, you open the door only to tell them that you're not in, and slam the door shut in their face. Since these are commands executed as scheduled events in Task Scheduler, I'm wondering if Returnil included a state-test utility that could be used either in a batch file to look at its return code or would execute a program only if NOT in virtualized mode. I could replace the commands executed by the scheduled events so: "C:\Program Files\Auslogics\Auslogics Disk Defrag\cdefrag.exe" c: d: -bk -o -dt becomes: rvsstate.exe "C:\Program Files\Auslogics\Auslogics Disk Defrag\cdefrag.exe" c: d: -bk -o -dt where rvsstate.exe executes the command given to it as an argument only if not curently in Returnil's virtualized mode. When not virtualized, those scheduled events would run. When virtualized, those scheduled events would not run (well, they'd run but immediately exit without rvsstate executing the specified program). While disabling the defrag API in Windows while virtualized provides a means to prevent a defrag operation (assuming the defrag program used only the Windows defrag API and didn't do direct disk changes, say, using a driver at kernel level), there are other operations that I'd like not to run while virtualized. There is no "do not run" policy listing (i.e., app rules) in Returnil that says what can and cannot run while virtualized although that would be handy. Having SRPs (software restriction policies), like those that are available in Windows, where you can block some programs from running would let users tailor what goodware can run while in virtualized mode. That's not there and might never be added so something that lets me test if my host is in the virtualized state for Returnil to then decide whether or not to allow a program to run (either by modifying its shortcut properties or scheduled event) gives me some control.