Ok, I see now. Your response seemed to be in direct response to mine since I was quoting you. I think it needs to be made clear to some that AG will not block payloads that execute from the System Space, and Program Files. Maybe they will read the last few post, and understand how AG protects those areas. AG protects the System Space, and Program Files by not allowing Guarded Apps (Vulnerable Applications) to write to those areas. You obviously can't guard most System Process like lsass.exe without trashing your System so if a System Process is exploited, AG can't prevent it from writing to the System Space, and dropping it's payload there. In the case of EternalBlue, it was outside the scope of AG protection. I honestly would like to see Blue Planet-Works think outside the box on threats originating from exploited System Processes. Maybe they could come up with policies to block the payload in System Space without the policies harming the System. I'm not sure how possible that is. Btw.. I'm hoping to do a Capstone Project on Exploits next Spring where I will test AG, VS, ERP, and some others. I'm not sure I will make the results Public. If I do I will allow the vendors to see the results before releasing them to give them time to address any problems. I definitely will release the results to the vendors regardless.