Poll: "Driver Installation" instead of "Registry Modification"


Thanks to everybody who participated, but the feature request is not consistent. The mentioned registry access warnings for installing a driver are used by D+ for both common techniques of installing a driver. Although these warnings do not explicitly indicate that a driver is being installed (the subject of another enhancement request), the main D+ warnings that a driver is being loaded are present in both cases.
It is just that in the Safe/Clean PC modes of D+ the main warning when a driver is being loaded by services.exe (one of the two common techniques to load a driver) is autolearnt by D+ under certain circumstances. However, if the driver is being loaded by the other of the two common techniques, the warning is almost always there.
See this post and the post by wj32 (which is linked to it).

----- original post starts here -----

Currently Defense+ gives “Registry modification” alerts when a driver is to be installed/loaded with a particular technique. See the screenshots from this post.
These alerts do not explicitly tell the user that the HKLM\SYSTEM\ControlSet???\Services registry branch is used to install/load drivers.

My feature request is the following: in the described cases Defense+ would provide alerts which explicitly indicate that driver(s) is/are to be installed/loaded. This can be implemented by at least adding one more sentence under “Security Considerations” of D+ alerts.

Some of the original reports inside the original threads (I merely added a poll here):


The thread is locked and the poll is closed (hopefully >:-D ). See the “update” paragraph in the first post.
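The alert enrichment requested in the first post, sketched as an added example that is not part of the original thread and not Comodo's code: it recognises writes under the Services branch that register a driver (Windows service `Type` 1 or 2, or an `ImagePath` ending in `.sys`) and appends an explicit sentence to the alert. The event tuple layout, the alert wording, the function names and the sample events are assumptions constructed for illustration.

```python
import re

# Matches HKLM\SYSTEM\CurrentControlSet\Services\<name> and the numbered
# ControlSet001, ControlSet002, ... copies (the "ControlSet???" in the post).
SERVICES_KEY = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)$",
    re.IGNORECASE,
)
# Windows service "Type" values that denote drivers.
DRIVER_TYPES = {1: "kernel driver", 2: "file system driver"}


def classify_write(key, value_name, data):
    """Return (service, reason) if the write registers a driver, else None."""
    m = SERVICES_KEY.match(key)
    if not m:
        return None
    name = value_name.lower()
    if name == "type" and data in DRIVER_TYPES:
        return m.group(1), "Type=%d (%s)" % (data, DRIVER_TYPES[data])
    if name == "imagepath" and str(data).lower().endswith(".sys"):
        return m.group(1), "ImagePath points to a .sys file"
    return None


def build_alert(process, key, value_name, data):
    """Compose the alert text, adding an explicit driver sentence if needed."""
    lines = ["Registry modification: %s is trying to modify %s\\%s"
             % (process, key, value_name)]
    hit = classify_write(key, value_name, data)
    if hit:
        lines.append("Security Considerations: this key is used to install/load "
                     "drivers; service '%s' is being registered as a driver (%s)."
                     % hit)
    return "\n".join(lines)


# Constructed sample events: (process, key, value name, data).
SAMPLE_EVENTS = [
    ("setup.exe", r"HKLM\SYSTEM\ControlSet001\Services\exampledrv", "Type", 1),
    ("setup.exe", r"HKLM\SYSTEM\CurrentControlSet\Services\exampledrv",
     "ImagePath", r"\??\C:\Windows\System32\drivers\exampledrv.sys"),
    ("app.exe", r"HKLM\SYSTEM\CurrentControlSet\Services\examplesvc", "Type", 16),
    ("app.exe", r"HKLM\SOFTWARE\Example", "Type", 1),
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(build_alert(*event), end="\n\n")
```

Writes to ordinary Win32 services (such as `Type` 16) and to keys outside the Services branch keep the plain registry alert, so only driver registrations get the extra sentence.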