Some suggestions on D+

  1. “New command line sensitive”: Since malware can start certain applications such as svchost.exe, rundll32.exe, regedit.exe…, through a specified command line, it is necessary to add a "new command line sensitive " feature into D+, which can be triggered by users in “Advanced tasks”. (Of course , a restart of windows in training mode may be needed.)

  2. Is there any consideration on SHA1 checksum verification?