When processes make registry operations requesting for explicit permissions such as KEY_READ, KEY_WRITE, KEY_SET_VALUE etc, if not permitted by the IPS policy, these accesses will generate an appropriate CSP event logging the blocked action.
However if a process requests for MAXIMUM_ALLOWED permission to a registry key, the SCSP IPS driver correctly enforces the protection but does not log any event.
MAXIMUM_ALLOWED request is not an explicit request for read or write permission at the instance when the call is made. Instead it requests that the target object be opened with all the access rights that are valid for the caller. Please see http://msdn.microsoft.com/en-us/library/cc230290.aspx for information on this.
The symptom is that some MAXIMUM_ALLOWED opens will be blocked (reduced) by CSP and those will not generate a CSP event.