Sorry, I didn't notice that the Eset alert was for reg. key deletion. I also believe I now have an idea of what is going on. It is a rare "once in a many blue moon" occurrence to see a HIPS alert when Smart mode is enabled. If you browse the Eset forum in regards to this, you will see a number of complaints about this; no HIPS alerting in Smart mode. Eset Internet/Smart Security in ver. 11 and it appears more so in ver. 12 has significantly enhanced its Network router monitoring protection. I assume you have your Network firewall profile set to Home/Office network? What I believe happened in this instance is Eset has created a default HIPS rule to monitor any network proxy changes and the monitoring of this activity is done via the router monitoring feature. Again, I am surprise that the HIPS could monitor the AutoConfigURL value setting in HKEY_CURRENT_USER\S-1-5-21 ....\Software\Microsoft\Windows\CurrentVersion\Internet Settings reg. key since in prior vers., it did not have this capability. What I do see here is a bug in Eset processing. The Eset alert should have been generated in the context of a router monitoring violation. I also question the HIPS alert itself in that it makes no sense that CCleaner was attempting to delete a non-existent AutoConfigURL value. What I believe CCleaner was doing was attempting to delete some previous value or subordinate key it created in HKEY_CURRENT_USER\S-1-5-21 ....\Software\Microsoft\Windows\CurrentVersion\Internet Settings. It appears Eset saw modification activity against HKEY_CURRENT_USER\S-1-5-21 ....\Software\Microsoft\Windows\CurrentVersion\Internet Settings registry key and just displayed the info related to its hidden default rule which again was for the AutoConfigURL value. If my above bug assumption is correct, the HIPS still has issues with the monitoring of reg. key value settings.