Thanks. I didn't realize EIS had such a feature. I'm trying it now and like it.
The Emsisoft Anti-Malware Network (AMN) is integrated into the Behavior Blocker; when the Behavior Blocker detects suspicious behavior - typically during an installation or during application usage - it will query the Anti-Malware Network.
File Reputations:
A. Known_Good (Creates "Allow All" or "Custom" rule for the app).
B. Known_Bad (immediately a notification fires and the file will be auto-quarantined at default settings).
C. Unknown (EIS allows the install, but it is continually monitored by the Behavior Blocker).
The whole point of the Anti-Malware Network is the creation of rules - just like Kaspersky.
The difference is, Kaspersky will assign little-known to Low and High Restricted zones with limited resource access rights.
Emsisoft is essentially "Allow" or "Block." For the little-known apps, the Behavior Blocker continually monitors.
If an app is not in the Emsisoft Anti-Malware Network, in my experience, that is not all that frequent during typical use (if you test hundreds of adware\riskware\malware samples on a regular basis, then yes, it is more common (maybe 5 out of 100 samples) since none of the anti-virus file reputation databases can keep up with creation of new malicious apps).
These are just my experiences...