CFp should ntercept any modification in NTFS permissions. It,s important IMO as I have heard of malware that can do this.
Thanks
Sounds like an awesome Idea aigle. +1 I support it!
I think that would nicely fit in the “new” behavior analyzer 
+1 for me :-TU
Modifying NTFS’ DACL is meant? If so, it is already intercepted by D+ …at least i observe this each time i try to modify DACL of any executable with the help of 3rd party app (not Windows Explorer).
But does the alert clearly state that “program X” is trying to modify the NTFS permissions on file Y?
Nope. It states “xyz.exe tries to modify protected file zyx.exe”. IMO, more than sufficient :-X