The Behavior Blocker section lists all running process with columns for Process (Name), ID (Process ID), Description, Company and Status. The Status column indicates whether the process is being:
- Monitored – by the Behavior Blocker.
- Not monitored – i.e. system processes, whose monitoring is not supported.
- Trusted – by means of an application rule.
- Blocked – by means of an application rule.
- Excluded – by means of a matching exclusion.
Note: Anti-Ransomware and Behavior Blocker features are connected because they rely on the same core technology.
The search box above the list allows you to search the list for specific processes, Id’s, descriptions, companies or status.
Right-click on a process in the list to open a context menu providing the following actions:
- Edit rule – Opens the Application Rules dialog to a blank rule for this process (or an existing rule if one is available), providing fast access to rule creation for the process.
- Quarantine program – Sends the process to Quarantine.
- End process – Terminates the process.
- Open file location – Opens the folder where this process is located on your computer.
- File properties – Opens a dialog displaying information on the file including file path, file hashes, publisher details, whether the file is digitally signed and the file’s Anti-Malware Network reputation.
You can also configure the default action that the Behavior Blocker takes when it encounters a suspicious program:
- Suspicious programs – Choose whether the Behavior Blocker should [Auto resolve, notifications for threats only], [Auto-resolve with lookup notifications] or [Alert] from the drop down menu. Both [Auto resolve, notifications for threats only] and [Auto-resolve with lookup notifications] require that [Lookup reputation of programs] is enabled in Settings/Privacy.
- Add application rule – Opens the Application Rules dialog to a blank rule, providing fast access to rule creation for a process.
- Edit rule – Opens the Application Rules dialog to a blank rule for this process (or an existing rule if one is available), providing fast access to rule creation for the selected process.
For more information regarding the Behavior Blocker, please see our comprehensive guide.