diff --git a/HiddenCLI/Helper.cpp b/HiddenCLI/Helper.cpp
index 17de364..d45fd61 100644
--- a/HiddenCLI/Helper.cpp
+++ b/HiddenCLI/Helper.cpp
@@ -101,3 +101,35 @@ HidRegRootTypes GetRegType(wstring& path)
 	else
 		throw WException(-2, L"Error, invalid registry prefix");
 }
+
+HidPsInheritTypes LoadInheritOption(Arguments& args, HidPsInheritTypes default)
+{
+	wstring arg;
+
+	if (!args.Probe(arg))
+		return default;
+
+	if (arg == L"inherit:none")
+		return HidPsInheritTypes::WithoutInherit;
+	else if (arg == L"inherit:always")
+		return HidPsInheritTypes::InheritAlways;
+	else if (arg == L"inherit:once")
+		return HidPsInheritTypes::InheritOnce;
+
+	return default;
+}
+
+bool LoadApplyOption(Arguments& args, bool applyByDefault)
+{
+	wstring arg;
+
+	if (!args.Probe(arg))
+		return applyByDefault;
+
+	if (arg == L"apply:fornew")
+		return false;
+	else if (arg == L"apply:forall")
+		return true;
+
+	return applyByDefault;
+}
diff --git a/HiddenCLI/Helper.h b/HiddenCLI/Helper.h
index 6a1cecb..64fe067 100644
--- a/HiddenCLI/Helper.h
+++ b/HiddenCLI/Helper.h
@@ -58,13 +58,14 @@ enum EObjTypes {
 	TypeDir,
 	TypeRegKey,
 	TypeRegVal,
-	TypeUnknown,
 };
 
 enum EProcTypes {
 	TypeProcessId,
 	TypeImage,
-	TypeUnknown,
 };
 
 HidRegRootTypes GetRegType(std::wstring& path);
+
+HidPsInheritTypes LoadInheritOption(Arguments& args, HidPsInheritTypes default);
+bool LoadApplyOption(Arguments& args, bool applyByDefault);
diff --git a/HiddenCLI/HiddenCLI.vcxproj b/HiddenCLI/HiddenCLI.vcxproj
index 7b39ca8..7576044 100644
--- a/HiddenCLI/HiddenCLI.vcxproj
+++ b/HiddenCLI/HiddenCLI.vcxproj
@@ -156,12 +156,16 @@
     <ClCompile Include="Helper.cpp" />
     <ClCompile Include="HiddenCLI.cpp" />
     <ClCompile Include="Hide.cpp" />
+    <ClCompile Include="Ignore.cpp" />
+    <ClCompile Include="Protect.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="Commands.h" />
     <ClInclude Include="Connection.h" />
     <ClInclude Include="Helper.h" />
     <ClInclude Include="Hide.h" />
+    <ClInclude Include="Ignore.h" />
+    <ClInclude Include="Protect.h" />
   </ItemGroup>
   <ItemGroup>
     <Text Include="cli.txt" />
diff --git a/HiddenCLI/HiddenCLI.vcxproj.filters b/HiddenCLI/HiddenCLI.vcxproj.filters
index a75836e..889ab79 100644
--- a/HiddenCLI/HiddenCLI.vcxproj.filters
+++ b/HiddenCLI/HiddenCLI.vcxproj.filters
@@ -8,6 +8,12 @@
     <ClCompile Include="Hide.cpp">
       <Filter>Commands</Filter>
     </ClCompile>
+    <ClCompile Include="Ignore.cpp">
+      <Filter>Commands</Filter>
+    </ClCompile>
+    <ClCompile Include="Protect.cpp">
+      <Filter>Commands</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <Text Include="cli.txt" />
@@ -19,6 +25,12 @@
     <ClInclude Include="Hide.h">
       <Filter>Commands</Filter>
     </ClInclude>
+    <ClInclude Include="Ignore.h">
+      <Filter>Commands</Filter>
+    </ClInclude>
+    <ClInclude Include="Protect.h">
+      <Filter>Commands</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <Filter Include="Commands">
diff --git a/HiddenCLI/Ignore.cpp b/HiddenCLI/Ignore.cpp
index b6cc4e6..006bf88 100644
--- a/HiddenCLI/Ignore.cpp
+++ b/HiddenCLI/Ignore.cpp
@@ -53,7 +53,7 @@ void CommandIgnore::LoadArgs(Arguments& args)
 	}
 	else
 	{
-		m_targetProcId = _wtoll(target.c_str());
+		m_targetProcId = _wtol(target.c_str());
 		if (!m_targetProcId)
 			throw WException(-2, L"Error, invalid target pid for command 'ignore'");
 	}
@@ -79,23 +79,13 @@ void CommandIgnore::PerformCommand(Connection& connection)
 	if (!HID_STATUS_SUCCESSFUL(status))
 		throw WException(HID_STATUS_CODE(status), L"Error, command 'ignore' rejected");
 
-	wcerr << L"Command 'unhide' successful" << endl;
+	wcerr << L"Command 'ignore' successful" << endl;
 	if (EProcTypes::TypeProcessId)
 		wcout << L"status:ok" << endl;
 	else
 		wcout << L"status:ok;objid:" << objId << endl;
 }
 
-HidPsInheritTypes CommandIgnore::LoadInheritOption(Arguments& args, HidPsInheritTypes default)
-{
-	return default;
-}
-
-bool CommandIgnore::LoadApplyOption(Arguments& args, bool applyByDefault)
-{
-	return applyByDefault;
-}
-
 // =================
 
 CommandUnignore::CommandUnignore() : m_command(L"/unignore")
@@ -113,8 +103,58 @@ bool CommandUnignore::CompareCommand(std::wstring& command)
 
 void CommandUnignore::LoadArgs(Arguments& args)
 {
+	wstring object, target;
+
+	if (!args.GetNext(object))
+		throw WException(-2, L"Error, mismatched argument #1 for command 'unignore'");
+
+	if (object == L"pid")
+	{
+		m_targetType = ETargetIdType::ProcId;
+
+		if (!args.GetNext(target))
+			throw WException(-2, L"Error, mismatched argument #2 for command 'unignore'");
+
+		m_targetProcId = _wtol(target.c_str());
+		if (!m_targetProcId)
+			throw WException(-2, L"Error, invalid target ruleid for command 'unignore'");
+	}
+	else if (object == L"all")
+	{
+		m_targetType = ETargetIdType::All;
+	}
+	else
+	{
+		m_targetType = ETargetIdType::RuleId;
+
+		m_targetId = _wtoll(object.c_str());
+		if (!m_targetId)
+			throw WException(-2, L"Error, invalid target ruleid for command 'unignore'");
+	}
 }
 
 void CommandUnignore::PerformCommand(Connection& connection)
 {
+	HidStatus status;
+
+	switch (m_targetType)
+	{
+	case ETargetIdType::All:
+		status = Hid_RemoveAllExcludedImages(connection.GetContext());
+		break;
+	case ETargetIdType::ProcId:
+		status = Hid_RemoveExcludedState(connection.GetContext(), m_targetProcId);
+		break;
+	case ETargetIdType::RuleId:
+		status = Hid_RemoveExcludedImage(connection.GetContext(), m_targetId);
+		break;
+	default:
+		throw WException(-2, L"Internal error, invalid type for command 'unignore'");
+	}
+
+	if (!HID_STATUS_SUCCESSFUL(status))
+		throw WException(HID_STATUS_CODE(status), L"Error, command 'unignore' rejected");
+
+	wcerr << L"Command 'unignore' successful" << endl;
+	wcout << L"status:ok" << endl;
 }
diff --git a/HiddenCLI/Ignore.h b/HiddenCLI/Ignore.h
index 7eefb3a..bb04748 100644
--- a/HiddenCLI/Ignore.h
+++ b/HiddenCLI/Ignore.h
@@ -12,9 +12,6 @@ class CommandIgnore : public ICommand
 	HidPsInheritTypes m_inheritType;
 	bool         m_applyByDefault;
 
-	HidPsInheritTypes LoadInheritOption(Arguments& args, HidPsInheritTypes default);
-	bool LoadApplyOption(Arguments& args, bool applyByDefault);
-
 public:
 
 	CommandIgnore();
@@ -29,6 +26,16 @@ class CommandUnignore : public ICommand
 {
 	const wchar_t* m_command = nullptr;
 
+	enum ETargetIdType {
+		RuleId,
+		ProcId,
+		All
+	};
+
+	ETargetIdType m_targetType;
+	HidProcId     m_targetProcId;
+	HidObjId      m_targetId;
+
 public:
 
 	CommandUnignore();
diff --git a/HiddenCLI/Protect.cpp b/HiddenCLI/Protect.cpp
new file mode 100644
index 0000000..fb039a0
--- /dev/null
+++ b/HiddenCLI/Protect.cpp
@@ -0,0 +1,160 @@
+#include "Protect.h"
+#include <iostream>
+
+using namespace std;
+
+// =================
+
+CommandProtect::CommandProtect() : m_command(L"/protect")
+{
+}
+
+CommandProtect::~CommandProtect()
+{
+}
+
+bool CommandProtect::CompareCommand(std::wstring& command)
+{
+	return (command == m_command);
+}
+
+void CommandProtect::LoadArgs(Arguments& args)
+{
+	wstring object, target;
+
+	if (!args.GetNext(object))
+		throw WException(-2, L"Error, mismatched argument #1 for command 'protect'");
+
+	if (object == L"image")
+	{
+		m_procType = EProcTypes::TypeImage;
+	}
+	else if (object == L"pid")
+	{
+		m_procType = EProcTypes::TypeProcessId;
+	}
+	else
+	{
+		throw WException(-2, L"Error, invalid object type in command 'protect'");
+	}
+
+	m_inheritType = LoadInheritOption(args, HidPsInheritTypes::WithoutInherit);
+
+	m_applyByDefault = false;
+	if (m_procType == EProcTypes::TypeImage)
+		m_applyByDefault = LoadApplyOption(args, m_applyByDefault);
+
+	if (!args.GetNext(target))
+		throw WException(-2, L"Error, mismatched argument #2 for command 'protect'");
+
+	if (m_procType == EProcTypes::TypeImage)
+	{
+		m_targetImage = target;
+	}
+	else
+	{
+		m_targetProcId = _wtol(target.c_str());
+		if (!m_targetProcId)
+			throw WException(-2, L"Error, invalid target pid for command 'protect'");
+	}
+}
+
+void CommandProtect::PerformCommand(Connection& connection)
+{
+	HidStatus status;
+	HidObjId objId;
+
+	switch (m_procType)
+	{
+	case EProcTypes::TypeProcessId:
+		status = Hid_AttachProtectedState(connection.GetContext(), m_targetProcId, m_inheritType);
+		break;
+	case EProcTypes::TypeImage:
+		status = Hid_AddProtectedImage(connection.GetContext(), m_targetImage.c_str(), m_inheritType, m_applyByDefault, &objId);
+		break;
+	default:
+		throw WException(-2, L"Internal error, invalid type for command 'protect'");
+	}
+
+	if (!HID_STATUS_SUCCESSFUL(status))
+		throw WException(HID_STATUS_CODE(status), L"Error, command 'protect' rejected");
+
+	wcerr << L"Command 'protect' successful" << endl;
+	if (EProcTypes::TypeProcessId)
+		wcout << L"status:ok" << endl;
+	else
+		wcout << L"status:ok;objid:" << objId << endl;
+}
+
+// =================
+
+CommandUnprotect::CommandUnprotect() : m_command(L"/unprotect")
+{
+}
+
+CommandUnprotect::~CommandUnprotect()
+{
+}
+
+bool CommandUnprotect::CompareCommand(std::wstring& command)
+{
+	return (command == m_command);
+}
+
+void CommandUnprotect::LoadArgs(Arguments& args)
+{
+	wstring object, target;
+
+	if (!args.GetNext(object))
+		throw WException(-2, L"Error, mismatched argument #1 for command 'unprotect'");
+
+	if (object == L"pid")
+	{
+		m_targetType = ETargetIdType::ProcId;
+
+		if (!args.GetNext(target))
+			throw WException(-2, L"Error, mismatched argument #2 for command 'unprotect'");
+
+		m_targetProcId = _wtol(target.c_str());
+		if (!m_targetProcId)
+			throw WException(-2, L"Error, invalid target ruleid for command 'unprotect'");
+	}
+	else if (object == L"all")
+	{
+		m_targetType = ETargetIdType::All;
+	}
+	else
+	{
+		m_targetType = ETargetIdType::RuleId;
+
+		m_targetId = _wtoll(object.c_str());
+		if (!m_targetId)
+			throw WException(-2, L"Error, invalid target ruleid for command 'unprotect'");
+	}
+}
+
+void CommandUnprotect::PerformCommand(Connection& connection)
+{
+	HidStatus status;
+
+	switch (m_targetType)
+	{
+	case ETargetIdType::All:
+		status = Hid_RemoveAllProtectedImages(connection.GetContext());
+		break;
+	case ETargetIdType::ProcId:
+		status = Hid_RemoveProtectedState(connection.GetContext(), m_targetProcId);
+		break;
+	case ETargetIdType::RuleId:
+		status = Hid_RemoveProtectedImage(connection.GetContext(), m_targetId);
+		break;
+	default:
+		throw WException(-2, L"Internal error, invalid type for command 'unprotect'");
+	}
+
+	if (!HID_STATUS_SUCCESSFUL(status))
+		throw WException(HID_STATUS_CODE(status), L"Error, command 'unprotect' rejected");
+
+	wcerr << L"Command 'unprotect' successful" << endl;
+	wcout << L"status:ok" << endl;
+}
diff --git a/HiddenCLI/Protect.h b/HiddenCLI/Protect.h
new file mode 100644
index 0000000..23be0a3
--- /dev/null
+++ b/HiddenCLI/Protect.h
@@ -0,0 +1,47 @@
+#pragma once
+
+#include "Commands.h"
+
+class CommandProtect : public ICommand
+{
+	const wchar_t* m_command = nullptr;
+
+	EProcTypes   m_procType;
+	std::wstring m_targetImage;
+	HidProcId    m_targetProcId;
+	HidPsInheritTypes m_inheritType;
+	bool         m_applyByDefault;
+
+public:
+
+	CommandProtect();
+	virtual ~CommandProtect();
+
+	virtual bool CompareCommand(std::wstring& command);
+	virtual void LoadArgs(Arguments& args);
+	virtual void PerformCommand(Connection& connection);
+};
+
+class CommandUnprotect : public ICommand
+{
+	const wchar_t* m_command = nullptr;
+
+	enum ETargetIdType {
+		RuleId,
+		ProcId,
+		All
+	};
+
+	ETargetIdType m_targetType;
+	HidProcId     m_targetProcId;
+	HidObjId      m_targetId;
+
+public:
+
+	CommandUnprotect();
+	virtual ~CommandUnprotect();
+
+	virtual bool CompareCommand(std::wstring& command);
+	virtual void LoadArgs(Arguments& args);
+	virtual void PerformCommand(Connection& connection);
+};