I noticed one thing that seems peculiar, and wanted to verify this wasn't a mistake or should not be manually changed by me:
1. ZAIS 2009, with smartdefense advisor on, grants IE "super trusted" level, and permissions for both access and server status to trusted and internet resources. This seems at odds with the concept of DropMyRights, "run safer" setting (same as dropmyrights) of **bleep** and other efforts.
2. KIS 2009 places svchost into trusted and does not monitor programs it opens or its internet connections it makes, by default. ZAIS gives it access to all except internet server, which is "?" by default. The first time the user is prompted to allow or deny server status for svchost, however, it makes a global change to "?" to either "allow" or "deny" without regard for the port over which the user prompt was generated. Is there a way to ensure prompts denied or allowed apply a granular rule that applies only to that port in question and not all future queries for any port at any time?