Anyone with some more info? Because I get to hear two different stories. Windows_Security says MemProtect is making use of a feature related to "System protected process". AFAIK, this will protect a process against memory access. Cutting_Edgetech says MemProtect will also block an exploited process from injecting code into other processes. These are are two different things, and both will not block exploits itself. This sounds weird, but this is not a valid way of testing. The HMPA Test Tool should be able to write to memory of a process, otherwise it won't be able to run the exploit. And AG will not block the exploit itself (just like any other anti-exe) it will block the payload. It probably allows calc.exe because it's a system process. But the question remains why MemProtect blocked the exploit/or payload from running.