I would like to suggest the following relatively minor improvements to NOD32: 01) Allow the HIPS rules window to remember the last size and position. It is tedious to have to resize this window every time. 02) Add a setting to make the alerts popups open the advanced options drop-down as default. 03) Better wildcard support for the HIPS module. For example, allow items such as "C:\Windows\*.log". 04) Allow wildcards for Source Applications in HIPS rules. As the final rule of 3 out of 4 policies is to allow the action (including the default policy), this would NOT be a dangerous modification. There are instances where this would be quite useful. Some examples: a.) on a system running the Surun application every application needs to be able to launch surun.exe b.) many applications may need to write to "C:\Windows\Rescache\rc000*\rescache.hit" c.) many applications may need to write to "C:\Windows\CSC\v2.0.6\namespace\localhost" It would make rulesets much smaller to integrate all these actions into a single rule for Source Applications "C:\Program Files\*" and "C:\Program Files (x86)\*", instead of so many separate rules. If you've made it this far into my post, thanks for taking the time to read. Any consideration of these changes by the ESET developers would be greatly appreciated.