Understanding the different CatchPulse modes

CatchPulse's powerful Application Allowlisting comes in 5 distinct modes that are designed to accommodate the different levels of security that users may require.

To change your Standard Application Allowlisting Mode to other modes from the Desktop Taskbar

  1. Right-click on the CatchPulse tray icon, select Application Allowlisting on the menu and click on the CatchPulse mode you prefer.

  2. The CatchPulse icon in the system tray will differ if Interactive Mode, Lockdown Mode or Trust All mode is selected.

Automatic Mode

This mode also will automatically enable the Auto Protect Switch where it takes advantage of the AI to make the best decisions recommended for you. Whenever there is a new and untrusted file, it will decide whether to trust or block the application based on your existing trusted list. This is useful if you want to keep the prompts as minimal as possible, and it is also generally non-intrusive as well.

When the Auto Protect Switch is disabled, it will automatically switch to Interactive Mode. This does not mean that your device is unprotected, as the application control in Interactive Mode will block the file first and it will remain that way until you make a decision to trust or block the file.

Learn How to Switch to Automatic Mode

Interactive Mode

This is the default mode that CatchPulse is on and is the one that gives you the best balance between the level of flexibility and control and is recommended for normal use. Every time a new and untrusted file runs for the first time, regardless of whether it was just downloaded/copied or has been in your computer for some time, CatchPulse will stop it from running automatically.

You will then be prompted to make a decision whether to trust the file or block it. The prompt contains a diagnosis of whether the file is signed as well as letting you know how many of the AV engines are detecting it as a threat.

Trusting the file will add it to your application allowlist and will no longer be prompted on subsequent launches. Blocking the file will simply prevent the file from processing to launch.

An exception would be when the Cloud AV detects the already trusted file as a possible threat (when one or more engines detect it as a virus) when its virus definitions are updated. Cloud AV will, therefore, prompt the user with the updated detection information, on which case the user can Quarantine, Delete, or Ignore the detected file.

Selecting Quarantine & Delete options will remove the file from the allowlist. On the other hand, selecting Ignore will continue to let the file stay in the allowlist and run freely.

Learn How to Switch to Interactive Mode

Lockdown Mode

This mode has the highest level of security and the lowest flexibility. It blocks every file not on your application allowlist that tries to start a process on your computer. Non-Admin Windows User Accounts are set to Lockdown mode without the option to switch to other modes.

This is the perfect mode for users who do not wish to be prompted and is confident to operate with applications that he/she already trusts. Cases in which this level of security might come in handy would be when you are connected to an unsecured network (i.e. public wifi, campus network), for cases where a prompt may cause a disturbance (i.e. intense gaming, video rendering), and lastly for Non-Admin Users Accounts of a Windows PC.

Users can still launch new and untrusted applications in this mode by manually changing the trust level of the file you intend to launch prior to running it.

Note that manually changing the trust level of a file can only be done by Windows accounts with Admin privileges. As an added precaution it is highly recommended to manually scan the file before manually trusting it.

Learn How to Switch to Lockdown Mode

Trust All

This mode has the highest level of flexibility and the lowest in terms of security. In this mode, all files that start a process are trusted. This means that during the period that CatchPulse is in Trust All mode, all files are automatically added to your application allowlist.

Being in Trust All mode doesn't leave your computer vulnerable to attacks. Cloud AV will still be functional and will notify you if a new threat has entered (downloaded or copied to) your computer. As this is only the anti-malware component operating, the file itself is free to auto-run even if it is detected and is only stopped at the time the user chooses to delete or quarantine the harmful file.

As this practically disables the added security component of maintaining an application allowlist with CatchPulse, Trust All mode cannot be permanently enabled and it switches back to your previous mode after either 5 minutes, 30 minutes or on your next reboot.

Note: For users using the Lite version of CatchPulse, Trust All Mode can only be selected to run until the next reboot.

Learn How to Temporarily Switch to Trust All Mode

Observation Mode

This mode has the lowest level of security and is primarily used for testing purposes. It will allow all new and untrusted files in your computer to run and CatchPulse will record its behaviour in the log files.

Being in this mode means that your computer will be susceptible to potential threats whenever you download new and untrusted files. It is advised that you switch off your Observation Mode so that untrusted applications will remain untrusted.

Learn How to Switch to Observation Mode

Support and feedback

Should you encounter any issues using CatchPulse with any of the mentioned or missed requirements above, you can write to us a docs@secureage.com.

This page was last updated: May 06, 2024