Installing/Uninstalling Questionable Software

Installing/Uninstalling Questionable Software (Windows/Mac)

The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: INSTALLING/UNINSTALLING QUESTIONABLE SOFTWARE.

| Alert Rule | Description |
|---|---|
| Accessing Programs and Features screen on Windows | An alert is triggered upon opening the Windows Programs and Features screen, potentially in order to uninstall a program. |
| Installing advanced monitoring tools | An alert is triggered upon running the installation file of a predefined advanced monitoring tool that could be used to reveal information that may be sensitive. |
| Installing Dynamic-DNS tools | An alert is triggered upon running the installation file of a predefined Dynamic-DNS tool that could be used to hide an identity. |
| Installing file transfer applications | An alert is triggered upon running the installation file of an FTP/SFTP desktop application that can be used to transfer files/folders. |
| Installing hacking or spoofing tools | An alert is triggered upon running the installation file of a predefined hacking or spoofing tool that can be used to gain access to a restricted area or cause damage to an organization's assets. |
| Installing non-standard software | An alert is triggered upon running an installation file that is not included in the software permitted for installation. |
| Installing P2P file sharing tools | An alert is triggered upon running the installation file of a peer-to-peer (P2P) application that can be used to share/use content that might be copyrighted, insert malicious content, or steal sensitive information. |
| Installing password cracking tools | An alert is triggered upon running the installation file of a predefined password cracking tool, which could be used to try to break a password-protected file containing potentially sensitive information. |
| Installing Remote Access and Sharing Desktop tools | An alert is triggered upon running the installation file of a remote PC access or other desktop sharing application that could be used to take control of a machine remotely, or to take control of another remote machine. |
| Installing secured or encrypted email client | An alert is triggered upon running the installation file of a secured or encrypted email client, which could be used to transfer information that cannot be monitored. This action could indicate that the user has something to hide. |
| Installing TOR (The Onion Router) tools | An alert is triggered upon running the installation file of a predefined TOR tool, such as the TOR browser, in order to access the Dark Web. This action could indicate that a user wants to hide their identity while performing illegal activity. |
| Installing unauthorized cloud backup applications | An alert is triggered upon running the installation file of a cloud backup application that is not allowed and could be used to insert malicious software or steal sensitive information. |
| Installing unauthorized cloud transfer applications | An alert is triggered upon running the installation file of a blacklisted cloud transfer application that could be used to insert malicious software or steal sensitive information. |
| Installing unauthorized email client or Instant Messenger | An alert is triggered upon running the installation file of an email client or Instant Messaging application that is not authorized. |
| Installing virtualization solution | An alert is triggered upon running the installation file of any of various predefined virtualization solutions. This action could indicate that the user is trying to perform activity on a virtual machine that will later be destroyed, leaving no traces. |
| Installing VPN, Proxy or Tunneling tools | An alert is triggered upon running the installation file of a predefined VPN/Proxy/Tunneling tool that can be used to gain access to a restricted area or hide the real identity of a user. |
| Uninstalling a program on Windows Desktop | An alert is triggered upon running the uninstallation of any software on a machine that functions as a desktop. |
| Uninstalling a program on Windows Server | An alert is triggered upon running the uninstallation of any software on a machine that functions as a server. |