I think is a great addition btw. One question though as I haven't played around with it much. 1. When WSA loads up, will it automatically monitor any new process that runs and and begin analyze it for suspicious behavior on its own (i.e don't trust anything at first) or is this something that users have to manually control (if we think something is suspicious the user has to then enable it for monitoring). 2. If something is being monitored and it does not display malicious behavior, will it eventually earn a Trusted-state on it's own? Or again, do users need to manually decide that? I think if WSA automatically started monitoring every process upon start-up this would be a good feature. Perhaps even monitor whitelisted processes as well since those can taken over. Thanks for any explanation. I look forward to testing it out more.