You sure have seen it. @malware1 supplied a .lnk ransomware to you that by-passed Protected Mode. It was about 9 months ago. That sample was harvested "in-the-wild." A bunch of us tested it with most experiencing the same result = by-pass Protected Mode. However, Locked Down Mode prevented encryption on everyone's system. I know by-passes are reported, but if you do not get one reported from an actual, typical user during daily use - then you don't officially consider it an exploit. BRN just uses that as a play on words to their benefit. Either Protected Mode can be by-passed, or it cannot. It can, and has been... Like I said, it is rare, but it can, and does, happen. Fortunately, for BRN, samples have been caught and reported by us white-hat beta testers and other concerned users... before any real damage was done to typical users. I know of not a single by-pass of AppGuard Lock-Down Mode.