Which alert category indicates when a program is blocked because it is unknown?

Prepare for the WatchGuard Endpoint Security Essentials Test. Study with multiple choice questions, hints, and explanations. Boost your exam readiness now!

Multiple Choice

Which alert category indicates when a program is blocked because it is unknown?

Explanation:
When a program is blocked because it is unknown, the system uses an alert category that specifically tracks blocks of unknown or untrusted applications. This category, Blocked Programs Alerts, surfaces events where the application control policy prevents an executable from running due to lack of trust or reputation. It’s designed to help admins see attempts by unknown software to execute so they can decide whether to allow it, block it, or review further. Other alert categories serve different purposes: Malware Detection Alerts are for confirmed malicious activity, not just unknown status; Reclassified Files Alerts track files that have changed their threat classification due to new intel; Alerts Configuration pertains to how alerts are set up rather than actual security events.

