Defense + failed to catch a Device Driver manipulation

I got myself infected just a while ago after running a bad setup file, since D+ was in Clean PC mode it didn’t throw up an alert for the whatever the file did. But, what doesn’t seem right is that after I managed to get myself infected I had the file “wslt.sys” in C:\WINDOWS\system32 show up in the list of “My Pending Files” as modified. Now how did that happen when I have, both, “Device Driver Installations” ticked in “Monitor Settings” and have the folder “C:\WINDOWS\system32” as a protected folder?

In order for any file to not get an alert while modifying or creating a “.sys” file, I believe it should have explicit exception status, which isn’t the case, since, I always block “Device Driver Installations” for all but system applications. Even a system file, as far as I know, never MODIFIES a system file?

Can anyone explain how this could have happened?

Quite a few “monitors” are disabled in “Monitor Settings”. Maybe there is way to circumvent “Device Driver Installations” and “Protected Files/Folders” protection through this?