I do have Controlled Folder setting in WD turned on and understand some pieces. Recently I saw two applications apparently trying to access protected memory. Can someone explain to me in plain English what these events mean. To me DR0 indicates some volume, perhaps system reserved. EDIT: No, it's my main and only hard drive. And HardDisk Vol3 is the windows10 partition. Neither sound like memory. Please speak to me like you would to a five year old. EEK ran on 1809, few hours before 1903 installation on Nov23. EEK is emsisoft's. WinSAT log item is on 1903. WinSAT is Microsoft's some kind of a system assessment tool. Moderators: if this should be in the Windows Defender thread, please move it.