I installed something today, & ProcessGuard alerted me to several MS.Exe's that were required to run for the install to proceed. One of these was cmd.exe which under normal circumstances, as in this case, was ok to allow via a per basis prompt, as set by me in PG. If i, or anyone else, had just installed a Hips type App, & allowed it to be put in learning mode for some period of time, cmd.exe & whatever else considered ok, would have been permanently allowed as a safe .exe, never to be prompted again. As malware can make use of things like cmd.exe etc, i believe it's better not to permanently allow them, but rather receive prompts as & when required. This shouldn't be very often, so it's no inconvenience to adopt the precuationary method. Of course malware would throw up a number of other alerts & blocks on my comp & get no further, but other peoples comps "might" not !