Understanding the different CatchPulse modes
Last updated: August 02, 2022
CatchPulse's powerful Application Allowlisting comes in 3 distinct modes that are designed to accommodate the different levels of security that users may require.
To change your Standard Application Allowlisting Mode to other modes from the Desktop Taskbar
Right-click on the CatchPulse tray icon, select Application Allowlisting on the menu and click on the CatchPulse mode you prefer.
The CatchPulse icon in the system tray will differ if Interactive Mode, Lockdown Mode or Trust All mode is selected.
This is the default mode that CatchPulse is on and is the one that gives you the best balance between the level of flexibility and control and is recommended for normal use. Every time a new and untrusted file runs for the first time, regardless of whether it was just downloaded/copied or has been in your computer for some time, CatchPulse will stop it from running automatically.
You will then be prompted to make a decision whether to trust the file or block it. The prompt contains a diagnosis of whether the file is signed as well as letting you know how many of the AV engines are detecting it as a threat.
Trusting the file will add it to your application allowlist and will no longer be prompted on subsequent launches. Blocking the file will simply prevent the file from processing to launch.
An exception would be when the Cloud AV detects the already trusted file as a possible threat (when one or more engines detect it as a virus) when its virus definitions are updated. Cloud AV will, therefore, prompt the user with the updated detection information, on which case the user can Quarantine, Delete, or Ignore the detected file.
Selecting Quarantine & Delete options will remove the file from the allowlist. On the other hand, selecting Ignore will continue to let the file stay in the allowlist and run freely.
This mode has the highest level of security and the lowest flexibility. It blocks every file not on your application allowlist that tries to start a process on your computer. Non-Admin Windows User Accounts are set to Lockdown mode without the option to switch to other modes.
This is the perfect mode for users who do not wish to be prompted and is confident to operate with applications that he/she already trusts. Cases in which this level of security might come in handy would be when you are connected to an unsecured network (i.e. public wifi, campus network), for cases where a prompt may cause a disturbance (i.e. intense gaming, video rendering), and lastly for Non-Admin Users Accounts of a Windows PC.
Users can still launch new and untrusted applications in this mode by manually changing the trust level of the file you intend to launch prior to running it.
Note that manually changing the trust level of a file can only be done by Windows accounts with Admin privileges. As an added precaution it is highly recommended to manually scan the file before manually trusting it.
This mode has the highest level of flexibility and the lowest in terms of security. In this mode, all files that start a process are trusted. This means that during the period that CatchPulse is in Trust All mode, all files are automatically added to your application allowlist.
Being in Trust All mode doesn't leave your computer vulnerable to attacks. Cloud AV will still be functional and will notify you if a new threat has entered (downloaded or copied to) your computer. As this is only the anti-malware component operating, the file itself is free to auto-run even if it is detected and is only stopped at the time the user chooses to delete or quarantine the harmful file.
As this practically disables the added security component of maintaining an application allowlist with CatchPulse, Trust All mode cannot be permanently enabled and it switches back to your previous mode after either 5 minutes, 30 minutes or on your next reboot.
Note: For users using the Lite version of CatchPulse, Trust All Mode can only be selected to run until the next reboot.