501	tries to <access|TriggerAccessFlags> a file
502	tries to <access|TriggerAccessFlags> <x|TriggerCount> files
503	tries to rename a file
504	creates files on <x|TriggerCount> different machines
505	deletes and recreates an existing file
506	creates and then executes a file
507	tries to copy itself
508	tries to write to the ini file <file|TriggerIniFiles>
509	tries to write to the registry
510	tries to call <the API Function|TriggerFunctions> in <the DLL|TriggerDllFiles>
511	tries to write to the address space of another running process
512	tries to create a thread in the address space of another running process
513	monitors key strokes
514	creates a COM object
515	tries to send a HTTP request
516	performs a HTTP download
517	creates <x|TriggerCount> network connections
518	listens for network connections
519	sends <x|TriggerCount> pings
520	downloads an email containing a suspicious link
521	named <file name|TriggerFiles>
522	in <the folder|TriggerFolders>
523	that looks like an executable
524	containing executable code
525	with a suspicious double extension
526	within <y|TriggerSeconds> seconds
527	from <file name|TriggerFiles>
528	to <file name|TriggerFiles2>
529	so it has a suspicious double extension
530	having <file name|TriggerFiles>
531	within <x|TriggerSeconds> seconds
532	to <the section|TriggerKeys>
533	to <the value|TriggerValues>
534	to <the key|TriggerKeys>
535	with <guid|TriggerGuids>
536	with a URL longer than <x|TriggerLength> bytes
537	with a header longer than <y|TriggerLength2> bytes
538	to <the domain or IP|TriggerDomains>
539	retrieving <the file|TriggerFiles>
540	retrieving a file of type <content type|TriggerMimeTypes>
541	from the <domain or IP|TriggerDomains>
542	on port <number|TriggerPorts>
543	to the same domain or IP
544	kill the source process
545	inform the local user
546	write event to the system log
547	send an administarative alert
548	prevent the file access
549	prevent the file rename
550	prevent the copy
551	prevent the file write
552	prevent the registry write
553	prevent the memory write
554	prevent the thread creation
555	prevent the object creation
556	block the request
557	disable the link
558	prevent the connection
559	prevent the listen
560	no options available
561	Error
562	read
563	write
564	delete
565	create
566	execute
567	INI Files (*.ini)*.ini
568	DLL Files (*.dll)*.dll
569	All Files (*.*)*.*
570	When
571	or
572	then
573	When any process
\n
574	When any non-interactive process
\n
575	When and email program or web browser
\n
576	process list
577	Functions
578	You must click on the underlined items and configure them before continuing
579	and
580	the source process is in the system process list
581	the source process is in the trusted process list
582	the source process is <process list|ExcludedProcesses>
583	the target file is <file name|ExcludedFiles>
584	the target file is in <the folder|ExcludedFolders>
585	the target files are <file names|ExcludedFiles>
586	the target files are in <the folder|ExcludedFolders>
587	the target file is originally named <file name|ExcludedFiles>
588	the target file is renamed to <file name|ExcludedFiles>
589	the target ini file is <file name|ExcludedFiles>
590	the target ini section is <section name|ExcludedKeys>
591	the target value is <value name|ExcludedValues>
592	the target registry key is <registry key|ExcludedKeys>
593	the downloaded file is <file name|ExcludedFiles>
594	the downloaded file type is <content type|ExcludedMimeTypes>
595	the port is <number|ExcludedPorts>
596	except when
597	delete the file
598	Registry Keys
599	Registry Values
600	Domains or IP Addresses
601	Ports