D+ does not block file creation in other partitions

Hi guys!
I did some tests and D+ does not intercept file creation/modification in non-OS partitions…

I executed a file that had to encrypt all the files in the OS. Well, CIS alerted me about all the file modifications, and I clicked Block, but all the files in the Z:\ partition changed their extension to .gz, even though D+ alerted me about that action and I denied it…

The only way is to create a new group, with new rules, in My Protected Files referring to the other partitions…
In this case I had to create a rule Z:*

Configuration: Proactive Security
D+: Paranoid Mode
Option “Trust the applications digitally signed” disabled


The Proactive Security config gets D+ to monitor file creation for executables regardless of the partition, specific paths on the system partition regardless of the extension, and some files in the root of every partition (e.g. ?:\boot.ini, ?:\ntldr, etc.), according to the entries listed in My Protected Files.

Since the file created had the .gz extension and was not created in one of the monitored paths of the system partition, there was no alert for it.

I think that HIPS software should protect against the worst malware with the default ruleset (as other software does; I tested MalwareDefender, for example)…

I don’t believe that all D+ users are aware of all the most dangerous malware and customize their rulesets based on that…
Don’t you think so?

BTW these are considerations made by just an ordinary user, so I don’t expect any ruleset improvement…


So MalwareDefender “protects” against the creation of gz compressed archives? Does it alert about the creation of zip, rar and txt files too? ???


The attached image is the MD log.
As you can see, with the default ruleset (the rule in action is the generic file rule ?:), it alerts me about .zip and .gz creation and modification, even in non-OS partitions.

[attachment deleted by admin]

If D+ alerted you about modification of executable files on z:\ (*.exe, *.sys, *.dll, etc.) or any other files which were in the list of protected files and you chose “block”, but these files were renamed despite this, then it is a bug.

No, I’m sorry, I made a mistake…

D+, with the default ruleset, intercepts only this creation in Z:


Adding generic rules *.zip, *.gz, etc., it does block all the actions…

Anyway, I think it’s absurd to not implement the ruleset; more than 90% of users could not know about this.
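
An added example, not part of the thread and not Comodo's code: a simplified model of a protected-files list, used to check which paths a ruleset leaves unmonitored. It assumes fnmatch-style wildcard matching (not necessarily D+'s own matcher); `C:\Windows\*` is a constructed stand-in for the monitored system-partition paths, and the sample paths are constructed.

```python
from fnmatch import fnmatchcase

# Model of the default list as described in the thread (assumption, not
# Comodo's actual ruleset): executables on any partition, some files in the
# root of every partition, and paths on the system partition.
DEFAULT_RULES = [
    "*.exe", "*.sys", "*.dll",
    r"?:\boot.ini", r"?:\ntldr",
    r"C:\Windows\*",  # constructed stand-in for the monitored system paths
]

# Constructed sample paths.
SAMPLE_PATHS = [
    r"C:\Windows\system32\drivers\example.sys",
    r"Z:\tools\setup.exe",
    r"Z:\boot.ini",
    r"Z:\docs\report.gz",
    r"Z:\backup\archive.zip",
]


def is_protected(path, rules):
    """True if any rule matches the path (case-insensitive, like Windows paths)."""
    p = path.lower()
    return any(fnmatchcase(p, rule.lower()) for rule in rules)


def uncovered(paths, rules):
    """Return the paths whose creation/modification no rule would monitor."""
    return [p for p in paths if not is_protected(p, rules)]


if __name__ == "__main__":
    for label, rules in [
        ("default model", DEFAULT_RULES),
        ("plus Z:*", DEFAULT_RULES + ["Z:*"]),
        ("plus *.zip, *.gz", DEFAULT_RULES + ["*.zip", "*.gz"]),
    ]:
        print(label, "->", uncovered(SAMPLE_PATHS, rules) or "all covered")
```

Running the same check against an exported rule list and a sample of real data paths shows which partitions and extensions fall outside monitoring before any alert is relied on.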