Clean PC Mode questions

I plan to upgrade from CFP 3.0 to CIS 3.9 when it is released. I was using Paranoid Mode in CFP 3.0, but it was a painful training period over several months, and I share the PC with an inexperienced user who learned to allow everything. I am trying to figure out what to do for CIS 3.9. With all of my security precautions, I feel confident in using Clean PC Mode. I also plan to use the Parental Controls for my inexperienced user.

Does Clean PC Mode produce the same rules as Paranoid Mode on existing applications after training? (This allows me to modify the rules for better security for some applications).

If malware replaces an existing application (where Defense+ rules are already learned), would Clean PC Mode produce an alert?

Thanks in advance.

Read this tutorial Configuring CIS for Maximum Security with ZERO Alerts for Novices.

In Clean PC mode all executables on fixed drives are assumed safe. All new executables will be regarded as not safe. If the malware was not already on your drive you would get an alert.

I had read that tutorial before I created this thread, and it did not answer my specific, technical questions. It is not clear to me if existing executables get rules that allow everything in a blanket way (like Safe Mode does) or if specific rules are created as Defense+ learns their behavior. The difference is important when I want to manually block or add certain rules. It is also not clear to me if overwriting an existing executable is considered a new executable.