~ Active protection is disabled – Active Protection (AP) is a real-time method for detecting malware. AP sits quietly in the background as you work or browse the internet, constantly monitoring files that are executed (run) without causing noticeable strain to your system.

~ Firewall protection is disabled – Firewall provides bi-directional protection, protecting you from both incoming and outgoing traffic. A firewall protects your network from unauthorized intrusion.

~ Virus definitions are outdated – Definitions (often called threat definitions) are the basis that an anti-virus or anti-spyware tools uses to compare against when protecting you from all sorts of malware, whether by scans, email protection, or real time protection.

~ Virus is detected – The object is a legitimate file infected by a virus. Sometimes the infected file can be disinfected, and the legitimate file can be provided to the end user. However, not all types of infection can be disinfected—for example, the whole Trojan category cannot be disinfected. An important characteristic of a virus is that the virus replicates itself, ensuring its continuous spread. No other threat type replicates itself.

~ Spyware is detected – Spyware is a large class of malicious applications with a huge range of malicious activity. This category includes applications which steal password and credit card information, online game account passwords, provide false security alerts giving the impression that the user's machine is in a critical state and demanding money for "fixes", and so on. Usually, spyware gets installed without the user's informed consent.

~ Adware is detected – Adware is a class of malicious applications designed to display advertisements on the user's desktop, or in the web browser. Adware is also often used to monitor and report user browsing habits to the advertiser to bring more relevant ads. Some "free" applications available on the Web contain the adware payload, which is usually installed with user consent, while some other adware applications are installed without user consent.

~ Dialer is detected – Dialers are applications which use the modem connected to the computer to dial premium-rate numbers. Usually they call either local pay-per-minute numbers or international numbers; per-minute costs have been known to reach several hundreds of dollars. Even if installed with user consent, they usually do not provide information about the real cost of the call.

~ Malicious App is detected – The object is an application which is often installed and used for malicious purposes by 3rd parties. While the application itself is not malicious, experience shows that it poses a higher probability (compared to others) to be used for malicious purposes and being installed without user consent. This category includes web or socks proxies, remote administration software and other types of software.

~ Severe Level risks are detected – Severe risks are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine.

~ High Level risks are detected – High risks are typically installed without user interaction through security exploits, and can severely compromise system security.

~ Moderate risks are detected – Moderate risks are often bundled with functionality unrelated software or installed without adequate notice and consent, and may make unwanted advertising on the user's desktop.

~ Elevated Level risks are detected – Elevated risks are typically installed without adequate notice and consent, and may make unwanted changes to your system, such as re-configuring your browser's homepage and search setting.

~ Low Level risks are detected – Low risks should not harm your computer or compromise your privacy and security unless they have been installed without your knowledge and consent.

~ If Anti-Executable protection is disabled for X or more hours – Protection set to disabled, indicates that Anti-Executable is not protecting a computer based on the Policy Control List or Local Control List and any executable can be launched on the computer.

~ If maintenance mode is enabled for X or more hours (Except during scheduled maintenance) – In Maintenance Mode, new executable files added or modified are automatically added to the Local Control List of Anti-Executable. Typically AE Maintenance should automatically end once scheduled maintenance is over. Computer which remains in maintenance mode for an extended time can be a security concern needing Admin attention.

~ If a protected computer has X or more Violations in a day – A protected machine can have violations when a user tries to execute a file outside its Allowed list of files as authorized in its Policy Control List or Local Control List. A high number of violation can indicate as unauthorized file trying to execute itself needing Admin attention.

~ If a protected computer has X or more Blocked File Violations in a day – A protected computer blocks files that are explicitly defined as Blocked in the Policy Control List or Local Control list. A "Control List Blocked" violation is logged. Admin attention may be needed if a specific computer is reporting high number of this violation type.

~ If a specific file is causing Violations on X or more computers – If more than a specified number of computers report a violation or blocked event for the same file, this could be a case of a network virus attack across computers that can be actively reported by AE.

~ If the computer is in Thawed state for more than X hours – An alert will be sent if a computer remains Thawed for longer than the configurable threshold.

~ Windows Update security status is marked as Vulnerable – A computer is marked as Vulnerable whenever it has one or more Critical or Security patches missing.

~ Windows Update has a new pending patch waiting approval – An alert is sent when a new security or critical patch is pending approval.

~ Windows Update patch scan status is outdated on a computer – An alert is sent when a computer’s patch scan status has not been updated for over 7 days.

> Alternatively, select Exclude computers with these Tags if you do not want to be notified about alerts on the computers with the specified tags.