"services.exe tries to load driver" alert is missing

Are you “profi” pretending that you don’t understand the point?

Once again - installing the CIS on some machine can’t prevent the machine from loading unauthorized/usigned or malware drivers from loading even if these drivers are childish toys with “start on demand” then when this “demand” happens then guess what happen with CIS…

Once again your/CIS’ hooks and drivers in R0 are useless if only registry’s \Services\ protected somehow and only post factum after/since installation.
XP and some allow loading unsigned drivers and this another headache CIS D+ can’t solve in this case of weakly protected registry tree.
Why some assumptions on clean and signed drivers in \Services\ on default? At least signing should be checked on pre x64.

I’m not a profi, just have thrown ~1000 malware samples against several HIPSes and never a driver became loaded into the kernel when the registry keys couldn’t have been created.
So, your point is just wrong.

Where is the proof?
Prove it that a driver is loaded into the kernel if no registry keys are created.
This doesn’t seem to be possible via this driver loading method.
And this is the point.

Then walk away, noone holds.

No, I’ll stay and tell you if you’re wrong.
No need to be touchy. :-TU

Btw: Who wants more additional pop ups without any gain?
You would get pop ups even if safe applications install drivers.