What's so special in Drivesentry? Isn't it at the moment just another classical HIPS (with a scanner included), very similar to AE or PG? One just goes one step ahead: the malware is allowed to execute, but not write to disk, if one chooses correctly (or central database gives enough information). Does this approach (drive protection) give some special advantages? Of course DS may be develop to a nice behaviour blocker, time will tell.