Application modification detection
The application modification detection feature displays notifications if modified applications, for which a firewall rule exists, attempt to establish connections. Application modification is a mechanism of temporarily or permanently replacing an original application by another application by a different executable (protects against abusing firewall rules).
This feature is not meant to detect modifications to any application in general. The goal is to avoid abusing existing firewall rules, and only applications for which specific firewall rules exist are monitored.
To edit Application modification detection, open Advanced setup > Protections > Network access protection > Firewall > Application modification detection.
Enable detection of application modifications—If selected, the program will monitor applications for changes (updates, infections, other modifications). When a modified application attempts to establish a connection, you will be notified by the Firewall.
Allow modification of signed (trusted) applications—Do not notify if the application has the same valid digital signature before and after the modification.
List of applications excluded from detection—This window lets you add or remove individual applications for which modifications are allowed without notification.