I've seen it block DLLs before. I don't know about .SYS files though. Maybe someone from SecureAge can answer that question. I would be shocked if SAP had literally nothing to protect against a malicious driver being installed. From what I understand, something like a DLL or an SYS needs to be injected by something else for it to be able to do anything. So if your script and command line protection is good and your protection against malicious EXEs is good, like it is with SAP, then I don't know if there's anything to worry about. Although, I think you also need the whitelisting application to consider the parent processes of things too for that to work properly. And as far as I'm aware, SAP does monitor parent processes of things.