Many of the protections can be temporarily suspended from the context menu accessed by a right-click on the AppGuard system tray icon (e.g. lowering the protection level to "Install" in order to install or update software, suspending guarded execution, etc.). This still has to be done before a blocked event occurs, though; it is by design and is one of the ways in which AppGuard differs from a classical HIPS or anti-executable. A classical HIPS/AE in interactive mode would display a prompt that leaves the decision to block or allow with the user. AppGuard does not do this: it automatically blocks any potentially dangerous behaviour that could compromise the security of the trusted enclave. This is similar to the way a classical HIPS functions in policy mode. The purpose of the alert is to notify the user of the action that AppGuard has taken after the behaviour has already been blocked.

For expert users who like to have full control over the operation of their system, and who have the required level of expertise to make correct security decisions, a classical HIPS/AE may be preferred. For average users who may lack the necessary expertise, the policy restriction approach is preferable because it removes the need for user involvement in decision making. Automatic policy restriction is also better for those expert users who, whilst having the necessary level of expertise to make security decisions, prefer their security programs to operate quietly in the background without them having to get involved in manually shaping the policy.

Most blocked events are harmless and can be ignored. On the rare occasions that an AppGuard blocked event stops something from working properly, there is sufficient customization available within the program to overcome this.