Well, I am not sure if “Blocker” is the exact name in English version, since I’m using Simplified Chinese one. Indeed, I am talking about the feature in “Standard Protection”.
When an EXE file is accessed (e.g. user is trying to view the file properties in windows explorer), the dialog pops up, asking whether to grant the access or not. My question is, what does the option “Accept all” mean? To accept all future access from process “explorer”, to accept any access from any process to this file, or to accept any access to the specific file type (EXE)? Or totally disable the blocker function? I think it might be better if the description can be more specific.
Furthermore, no matter how it behaves, if I chose this, how can I revert the configuration back to prompt again? Seems I couldn’t find a way to do that.
Apart from the fact that the Behavior Blocker is an old feature and its usefulness is very limited in today’s Windows environment, it is a blocker of suspicious behavior (thus preventing an unknown virus to spread or perform its payload), not a protector of files.
Almost all the actions on your computer are performed by .exe files. If you prevent .exe files from executing their actions (such as opening a file for writing), you block almost everything - Word won’t be able to write the .doc file, e-mail client won’t be able to save the downloaded e-mail, programs won’t be able to store their settings. The operation “opening a file for writing, performed by an .exe file” is very common and there’s nothing suspicious about it. On the other hand, the operation “opening an .exe file for writing” is much less common and more suspicious (actually, I think it’s even more suspicious when it’s performed by a file with .xyz extension - that cannot even be started in an ordinary way - than by an .exe file). It will prevent files (like BAT,VBS,WSH,SCR,EXE…) to execute their actions.
I agree that your questions remain: I don’t know what the ‘accept all’ means in the future as the default extension set is downloaded on each virus database. Sorry, can help further.
In my opinion, “Accept all” means to accept all future access from the process, until the process ends. If you start the program again later, the blocker will ask you again. It will not remember your answer.
The blocker is quite useful if you configure the extension list carefully (and uncheck “default extension set”). It will prevent most unknown virus from infecting the computer, with less pop-up questions. In my extension list: “BAT,CMD,COM,CPL,DLL,EXE,INF,PIF,OCX,SCR,SYS,VDX”, most program will not create or modify files with these extensions, except that when I was installing a software that is known safe, I should click “Accept all” to allow the installer write EXE and DLLs.