there is only so many things that a malicious process can perform, and that has not changed over the years
the emsisoft behavior blocker (mamutu) was tuned all those years ago and still gets it right
there have been refinements to it over the years to be sure
how many people set the behavior blocker to "notify always"?
it is never tested by any lab in that configuration
the test outcomes will be much different on the side of emsisoft
do you mean the monitoring\reporting\edr-xdr or the protection capabilities?
