Quote Originally Posted by Superfly View Post
What's the "User dependent" thing?
A user has to Allow or Block the detection, which might or might not be malware. Like opening docs with macros.
It is usually based on heuristics/behavioural engine, which detect a suspicious activity, which might be normal.
This is considered as bad, because users tend to ignore it and click to allow, like for UAC/firewall's prompts.