I am a little unclear on exactly how much less secure the 21 day "auto-learn" mode is.
The documentations says it's "less secure," but it doesn't say anything about what potential security risks there
from running in this mode.
When in Auto-learn mode, will ZA potentially give permission to programs that would otherwise NOT be granted permission?
Will it give permission to programs when it doesn't know what they are?
I understand that the purpose of the Auto-learn period is to generate fewer alerts, but it seems like this can only come with a rather serious potential cost to security.
It seems like the potential risk
rather high since it could give permission to programs that shouldn't get it.
Auto-learn is essentially still "safe" for 21 days, why isn't it safe to run the system in this mode indefinitely?
Couldn't a breech happen during this 3 week period?
Thanks for any details on this,