diff --git a/README.md b/README.md
index 39c476a..2e7547c 100644
--- a/README.md
+++ b/README.md
@@ -103,6 +103,9 @@ Thanks to [Weatherlights](https://github.com/Weatherlights) in [#256 (reply in t
**-ModsPath**
Get Mods from external Path (**URL/UNC/Local**) - download/copy to `mods` in Winget-AutoUpdate installation location if external mods are newer.
+Security:
+If -ModsPath is used during installation WAU assumes it's an enterprise environment and adds a **Deny rule** to the file rights for the directory `mods` for **Local Users** (SID: S-1-5-32-545) making it impossible to implement own scripts that can be executed in **SYSTEM** context.
+
For **URL**: This requires a site directory with **Directory Listing Enabled** and no index page overriding the listing of files (or an index page with href listing of all the **Mods** to be downloaded):
```
diff --git a/Winget-AutoUpdate-Install.ps1 b/Winget-AutoUpdate-Install.ps1
index f4b1087..ffa46be 100644
--- a/Winget-AutoUpdate-Install.ps1
+++ b/Winget-AutoUpdate-Install.ps1
@@ -367,7 +367,7 @@ function Install-WingetAutoUpdate {
New-ItemProperty $regPath -Name WAU_BypassListForUsers -Value 1 -PropertyType DWord -Force | Out-Null
}
- #Set ACL for users on logfile
+ #Set ACL for Authenticated Users on logfile
$LogFile = "$WingetUpdatePath\logs\updates.log"
if (test-path $LogFile) {
$NewAcl = Get-Acl -Path $LogFile
@@ -380,6 +380,17 @@ function Install-WingetAutoUpdate {
Set-Acl -Path $LogFile -AclObject $NewAcl
}
+ #Most likely an enterprise with central mods, not a home user
+ if ($ModsPath) {
+ # Set ReadOnly on Mods Directory for Local Users - Security risk if not done (they could create a script of their own - System Context)!
+ $directory = Get-Item -Path "$WingetUpdatePath\mods"
+ $acl = Get-Acl -Path $directory.FullName
+ $userSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-545")
+ $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSID, "Write", "Deny")
+ $acl.SetAccessRule($rule)
+ Set-Acl -Path $directory.FullName -AclObject $acl
+ }
+
#Create Shortcuts
if ($StartMenuShortcut) {
if (!(Test-Path "${env:ProgramData}\Microsoft\Windows\Start Menu\Programs\Winget-AutoUpdate (WAU)")) {
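Review bot: The Deny rule built on the `$rule` line carries no inheritance flags, so it applies to the `mods` directory object only and not to files or subdirectories already inside it; a user who already owns a script there keeps whatever rights that file grants. Use the five-argument constructor so the deny propagates: `$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSID, "Write", "ContainerInherit, ObjectInherit", "None", "Deny")`. Note also that `Write` does not include `Delete`, so existing mod scripts could presumably still be removed by a Users member holding Modify rights — if that matters, deny `"Write, Delete"`. `Get-Item` throws if the `mods` directory does not exist at this point, so guard with `Test-Path` or create it first. The same block is repeated verbatim in Invoke-PostUpdateActions.ps1 and needs the same change (or a shared helper); Install-WingetAutoUpdate continues outside the hunk.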
diff --git a/Winget-AutoUpdate/Winget-Upgrade.ps1 b/Winget-AutoUpdate/Winget-Upgrade.ps1
index 55a2e24..febaccc 100644
--- a/Winget-AutoUpdate/Winget-Upgrade.ps1
+++ b/Winget-AutoUpdate/Winget-Upgrade.ps1
@@ -203,70 +203,72 @@ if (Test-Network) {
Write-Log "Checking application updates on Winget Repository..." "yellow"
$outdated = Get-WingetOutdatedApps
- #If something is wrong with the winget source, exit
- if ($outdated -like "Problem:*") {
- Write-Log "Critical: An error occured, exiting..." "red"
- Write-Log "$outdated" "red"
- New-Item "$WorkingDir\logs\error.txt" -Value "$outdated" -Force
- Exit 1
+ #If something unusual happened
+ if ($outdated -like "An unusual*") {
+ Write-Log "$outdated" "cyan"
+ $outdated = $False
}
- #Log list of app to update
- foreach ($app in $outdated) {
- #List available updates
- $Log = "-> Available update : $($app.Name). Current version : $($app.Version). Available version : $($app.AvailableVersion)."
- $Log | Write-host
- $Log | out-file -filepath $LogFile -Append
- }
-
- #Count good update installations
- $Script:InstallOK = 0
-
- #Trick under user context when -BypassListForUsers is used
- if ($IsSystem -eq $false -and $WAUConfig.WAU_BypassListForUsers -eq $true) {
- Write-Log "Bypass system list in user context is Enabled."
- $UseWhiteList = $false
- $toSkip = $null
- }
-
- #If White List
- if ($UseWhiteList) {
- #For each app, notify and update
+ #Run only if $outdated is populated!
+ if ($outdated) {
+ #Log list of app to update
foreach ($app in $outdated) {
- if (($toUpdate -contains $app.Id) -and $($app.Version) -ne "Unknown") {
- Update-App $app
- }
- #if current app version is unknown
- elseif ($($app.Version) -eq "Unknown") {
- Write-Log "$($app.Name) : Skipped upgrade because current version is 'Unknown'" "Gray"
- }
- #if app is in "excluded list"
- else {
- Write-Log "$($app.Name) : Skipped upgrade because it is not in the included app list" "Gray"
+ #List available updates
+ $Log = "-> Available update : $($app.Name). Current version : $($app.Version). Available version : $($app.AvailableVersion)."
+ $Log | Write-host
+ $Log | out-file -filepath $LogFile -Append
+ }
+
+ #Count good update installations
+ $Script:InstallOK = 0
+
+ #Trick under user context when -BypassListForUsers is used
+ if ($IsSystem -eq $false -and $WAUConfig.WAU_BypassListForUsers -eq $true) {
+ Write-Log "Bypass system list in user context is Enabled."
+ $UseWhiteList = $false
+ $toSkip = $null
+ }
+
+ #If White List
+ if ($UseWhiteList) {
+ #For each app, notify and update
+ foreach ($app in $outdated) {
+ if (($toUpdate -contains $app.Id) -and $($app.Version) -ne "Unknown") {
+ Update-App $app
+ }
+ #if current app version is unknown
+ elseif ($($app.Version) -eq "Unknown") {
+ Write-Log "$($app.Name) : Skipped upgrade because current version is 'Unknown'" "Gray"
+ }
+ #if app is in "excluded list"
+ else {
+ Write-Log "$($app.Name) : Skipped upgrade because it is not in the included app list" "Gray"
+ }
}
}
- }
- #If Black List or default
- else {
- #For each app, notify and update
- foreach ($app in $outdated) {
- if (-not ($toSkip -contains $app.Id) -and $($app.Version) -ne "Unknown") {
- Update-App $app
- }
- #if current app version is unknown
- elseif ($($app.Version) -eq "Unknown") {
- Write-Log "$($app.Name) : Skipped upgrade because current version is 'Unknown'" "Gray"
- }
- #if app is in "excluded list"
- else {
- Write-Log "$($app.Name) : Skipped upgrade because it is in the excluded app list" "Gray"
+ #If Black List or default
+ else {
+ #For each app, notify and update
+ foreach ($app in $outdated) {
+ if (-not ($toSkip -contains $app.Id) -and $($app.Version) -ne "Unknown") {
+ Update-App $app
+ }
+ #if current app version is unknown
+ elseif ($($app.Version) -eq "Unknown") {
+ Write-Log "$($app.Name) : Skipped upgrade because current version is 'Unknown'" "Gray"
+ }
+ #if app is in "excluded list"
+ else {
+ Write-Log "$($app.Name) : Skipped upgrade because it is in the excluded app list" "Gray"
+ }
}
}
+
+ if ($InstallOK -gt 0) {
+ Write-Log "$InstallOK apps updated ! No more update." "Green"
+ }
}
- if ($InstallOK -gt 0) {
- Write-Log "$InstallOK apps updated ! No more update." "Green"
- }
if ($InstallOK -eq 0) {
Write-Log "No new update." "Green"
}
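Review bot: `$Script:InstallOK = 0` now sits inside `if ($outdated)`, so when the `An unusual*` branch sets `$outdated = $False` nothing in this block assigns it, and the `if ($InstallOK -eq 0)` check that follows only logs "No new update." if the variable was initialised somewhere before this hunk — `$null -eq 0` is false in PowerShell. Move the initialisation back above the `if ($outdated)` line: `$Script:InstallOK = 0`. Separately, the removed branch wrote `logs\error.txt` and exited 1 when winget produced no table, while the new branch logs in cyan and continues, so a genuine winget or source failure is now indistinguishable from "everything up to date" to anything watching the exit code or error.txt; consider keeping the error file (or at least a warning-level log) for outputs that are not the known all-up-to-date case. The enclosing `if (Test-Network)` block starts before the hunk.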
diff --git a/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1 b/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1
index ae6aa50..53cc0a7 100644
--- a/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1
+++ b/Winget-AutoUpdate/functions/Get-WingetOutdatedApps.ps1
@@ -13,7 +13,7 @@ function Get-WingetOutdatedApps {
#Start Convertion of winget format to an array. Check if "-----" exists (Winget Error Handling)
if (!($upgradeResult -match "-----")) {
- return "Problem:`n$upgradeResult"
+ return "An unusual thing happened (maybe all apps are upgraded):`n$upgradeResult"
}
#Split winget output to lines
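Review bot: The return string on the `+` line is a sentinel that the caller in Winget-Upgrade.ps1 detects with `-like "An unusual*"`, so the two files are now coupled by prose; any edit to this wording silently breaks the caller's check and the text would fall through to `foreach ($app in $outdated)` as a single string. Returning `$null` and emitting the message via `Write-Log`, or a fixed prefix documented at both sites (`# NOTE: prefix is matched by Winget-Upgrade.ps1 — keep in sync`), would make the contract explicit. Get-WingetOutdatedApps continues outside the hunk.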
diff --git a/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1 b/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1
index e9eeb5d..ec614d1 100644
--- a/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1
+++ b/Winget-AutoUpdate/functions/Invoke-PostUpdateActions.ps1
@@ -53,6 +53,18 @@ function Invoke-PostUpdateActions {
Write-Log "-> MaxLogFiles/MaxLogSize setting was missing. Fixed with 3/1048576 (in bytes, default is 1048576 = 1 MB)."
}
+ #Most likely an enterprise with central mods, not a home user
+ $ModsPath = Get-ItemProperty $regPath -Name WAU_ModsPath -ErrorAction SilentlyContinue
+ if ($ModsPath) {
+ # Set ReadOnly on Mods Directory for Local Users - Security risk if not done (they could create a script of their own - System Context)!
+ $directory = Get-Item -Path "$WingetUpdatePath\mods"
+ $acl = Get-Acl -Path $directory.FullName
+ $userSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-545")
+ $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($userSID, "Write", "Deny")
+ $acl.SetAccessRule($rule)
+ Set-Acl -Path $directory.FullName -AclObject $acl
+ }
+
#Convert about.xml if exists (previous WAU versions) to reg
$WAUAboutPath = "$WorkingDir\config\about.xml"
if (test-path $WAUAboutPath) {
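Review bot: The `Get-Item -Path "$WingetUpdatePath\mods"` line uses `$WingetUpdatePath`, while the surrounding function builds paths from `$WorkingDir` (see `$WAUAboutPath = "$WorkingDir\config\about.xml"` just below); unless `$WingetUpdatePath` is set earlier in this function, the expansion yields `\mods` and the ACL is applied to (or fails on) the wrong directory. Use `$directory = Get-Item -Path "$WorkingDir\mods"` to match the rest of the file. Also, `Get-ItemProperty ... -Name WAU_ModsPath` returns a property object rather than the value, so `if ($ModsPath)` is true whenever the registry value exists even if it is empty; read the value instead: `$ModsPath = (Get-ItemProperty $regPath -Name WAU_ModsPath -ErrorAction SilentlyContinue).WAU_ModsPath`. The rule built here has the same missing-inheritance and missing-`Delete` issues as the identical block in Winget-AutoUpdate-Install.ps1; Invoke-PostUpdateActions continues outside the hunk.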