Is it safe to exclude "Program Files" folder from HIPS?

Yes, that’s my question. To avoid too many HIPS alerts from CAVS, I’ve excluded the whole Program Files folder. But what if a certain virus gets into this folder? How does malware usually behave? Does it usually (if it gets the chance) place itself in the Windows folder, e.g. system32, making it safe to exclude the Program Files folder?

I also have a second question related to the first one: As I store all my files - documents, media and program setup files (in case I reinstall Win XP) on another partition (D), could malware possibly copy itself from C: to D: and thereby destroy files - or does malware usually act on C?

Hope to get an answer from any of you experts here :slight_smile: