Treat unrecognized files as: ??

Please could someone who knows explain difference between modes in titled department and how is this connected and with which modes with sign “|” in “protected files and folders”

EDIT: sorry for unnecessary questions :-[ , I must be blind…
EDIT1: Topic closed by me :stuck_out_tongue:

[attachment deleted by admin]

It means those folders/files DROP restricted. i.e dropping files to those folders are blocked. for example

A protected entry: c:\temp* means block modification attempts to this folder but if malware drops file allow. c:\temp*| means protect modification + block file dropping too.

On a side note and from the top of my head. Sometimes when I closely follow a single application with D+ I get sometimes alerted it wants to create a file in a protected folder. The alert will say program tries to change protected folder.

The above seems to suggest that dropping a file is the same thing as trying to modify a protected folder.

Can you explain?

You are right. I should have been more clear. This is strictly related to sandbox operations. Lets say it matters for the sandboxed applications.

The latter is how I understood the function of the “|” sign with the protected folders.

I assume you use the word drop when referring to sandboxed applications and use modify (a protected folder) when referring to non sandboxed applications. It’s the use of two different words for a similar action that tripped me.