Broadly speaking, a HIPS does not generally classify software as malware, but only alerts of suspicious processes. An exception to this is found in a supplementary feature of Emsisoft Online Armor that detects known malicious software by means of hash values. A hash is a unique checksum that is created from data of an existing file. This value will be compared to Emsisoft’s own cloud database, the “Emsisoft Anti-Malware Network”, and any file recognized as malware will be blocked. The final decision about whether to block or allow the action is still up to the user and their knowledge.