It didn't record anything either. Just detecting pressed keys isn't logging. Keylogging is to transmit exactly what you type to the attacker.

Anti-exe doesn't monitor drivers and DLLs (the only exception is NVT Smart Object Blocker); HIPS does.

Default-deny isn't for beginners; users of such solutions must know how to differentiate a legit process from a suspicious one. Some default-deny solutions implement cloud reputation/lookup to help beginners decide, but it is not a requirement.

That's the point of default-deny solutions; if you want a silent one, use a suite like Kaspersky, which whitelists stuff for you.

Check my point above. You are totally mistaking the purpose of two different mechanisms.

How does malware start? Via a file executed (LOLBins, DLLs, drivers) or a script executed (LOLscripts). Your anti-exe only monitors executables... drivers and DLLs are exempt from monitoring; however, it can block later in the attack chain (if any).

Every solution has a scope, they have a distinct purpose, and SpS does the one it was made for very well, like NVT ERP does very well too. If you want all-around full system monitoring of everything, use a suite, Kaspersky or something else. Single-purpose default-deny solutions obviously aren't for you.