@Vlk
How does CyberCapture track files that are from web? For example, does it only process files that are due for execution directly via download or will it also process EXE that arrived from web via password protected archive and user gets a password separately? I've seen things like this before. Meaning the EXE will then actually arrive to existence locally, because nowhere along the way to PC was avast! able to have even a look at it, let alone actually scan it. Or can it actually physically track the sequence of files what creates what and what needs to be scanned?