Hello. Interested in few technical details. 1) Message handling. I've been searching through this board and I read in some place something to the effect that Process Guard protects itself by verifying the windows messages are generated by user interface device. Is it fully secure and adequate protection without some kind of "turing code" challenge, does it mean that PG itself is protected from unauthorized changing of critical parameters like "Learning mode" enabled disabled etc? 2) I read that PG itself is not exactly the tool to protect from on-disk modifications, but some degree of protection is present nonetheless. Can it be clarified? As I read it, database of hashes is kept, what happens if registred executable with already set permissions fails to match on loading? This is pretty uncommon condition that .exe-s change like that, unless deliberately patched by user, will there be some kind of noticeable critical alert? 3) Secure messages for other apps and that "INSERT" key thing. In an older thread I found it was asked but wasn't clearly answered. This "INSERT" thing does not seem to work. Is it "not implemented" yet? What about that user interface device thing, does the "secure message handling" option enables the same thing for aps? Say, what I'm concerned about, I'm using Agnitum Outpost firewall and its protection can be disabled with a few clicks - changing its policy to "disabled" or something else. It's even more dangerous than just exiting from its user interface I think, because then (I guess) the kernel module continues its job. In the paranoid mode of thinking, can somebody exploit this by I don't know, sending some kind of WM_COMMAND message or something like that to the agnitum process? "INSERT" key thing seems to address this, but I can't get it to work - I hold it and change the policy to disabled and nothing happens. If somebody can answer this - big thanks. You can be as technical as you want - if there will be some unfamiliar concepts I can read some stuff on msdn or in DDK docs.