Hi, 'Direct Disk Access' is mentioned a few times in Malwarebytes' Anti-Malware change log, like: - Direct Disk Access for enumerating folder contents. - Direct Disk Access for breaking file headers. http://www.malwarebytes.org/forums/index.php?showtopic=3283 This 'Direct Disk' operations can be recognized immediately after starting a scan with MBAM, but only with some HIPS. After testing with XP and Vista and with six different HIPS, only three warned me about 'Direct Disk Access'. Comodo Firewall Pro v3 'Access the disk directly' - first success. EQSecure v4 beta2 'Load driver' - the last prompt before MBAM scanned the disk, no prompt about 'Low level disk operation'. Malware Defender v1 'Load kernel driver' - again the last prompt, no 'Access physical disk' prompt. Online Armor v3 beta '... access hard disk directly...' - second success. Real-time Defender v1 'open disk for low level operation' - third success.