Careless Behavior

Careless Behavior (Windows/Mac)

The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: CARELESS BEHAVIOR.

ALERT RULE

Description

Accessing file or folder sharing settings

An alert is triggered upon accessing the Windows dialog for file sharing settings or folder sharing settings.

Browsing Phishing sites

An alert is triggered upon browsing to websites that have been analyzed and detected as phishing websites, which try to steal users' credentials by presenting an imitation of legitimate websites.

Enabling Windows Remote Assistance

An alert is triggered upon opening the Windows Remote Assistance dialog that is built into the Windows operating system. This action could indicate that the user plans to grant access to this machine to a remote user.

Enabling Windows Remote Assistance from System Properties

An alert is triggered upon opening the Remote tab within the System Properties dialog to enable Remote Assistance. This action can indicate that the user plans to grant access to this machine to a remote user.

Opening a clear text file that potentially stores passwords

An alert is triggered upon detecting that a user may be storing passwords in a file whose name contains the word PASSWORD (or its variants). This is a bad security practice, because malicious code searches for such file names to harvest passwords.

Opening sharing settings on Mac

Note: This rule applies specifically to Mac systems.

An alert is triggered upon opening the Sharing settings in System Preferences on Mac, potentially to enable sharing and so allow remote access to the Mac.

Running program with invalid digital signature

An alert is triggered whenever the Windows operating system detects that a file with an invalid digital signature is being opened. This usually happens when running either files downloaded from the Internet or files executed directly from a remote machine (using UNC).

Running software to enable sharing and access from remote machine

An alert is triggered upon running applications that enable desktop sharing with remote computers or applications that allow remote computers to access and control the computer.

Careless Behavior (Unix/Linux)

The following out-of-the-box alert rules are assigned to the (Unix/Linux) Category: CARELESS BEHAVIOR.

ALERT RULE

Description

Getting content from remote location

An alert is triggered upon downloading or getting content or files from a remote location using a WGET/CURL/SFTP/SCP command. Such files can be risky because they could include commands that can run without proper verification.