This a re-proposal of the idea I had presented in one of my other threads:
There should be an option to choose for whom to answer the alert for - If a harmless file executes a virus file (firefox.exe executing malicious code), the action you choose to take for the alert, applies to the object trying to access / execute (the harmless file). There is no way to block the malicious file directly.
There should be an option, in the alert, to apply a rule to the object being accessed, also.
Consider this alert - explorer.exe is trying to execute aaa.exe.
For this alert, instead of choosing block for explorer.exe, i.e., indirectly blocking the malware, we should be able to answer the alert for aaa.exe; treat as an isolated application , add to “My Blocked Files”, (one of my other wishes - to be able to add a file to “My Blocked Files” from an alert) etc.