I believe "barrier" mode is "hardened mode".
If that's so, aggressive detection methods always carry a risk of trusted files being blocked, specially if they are new and/or don't have a Class 3 signature.
This is usually the case with less known programs from small developing groups.
Hardened mode affects CyberCapture analysis, as untrusted code is not executed at all and doesn't reach this layer.
Without this mode active, you are still protected by IDP (behavioural blocker) and CyberCapture. Web Shield prevents downloading secondary payload.
Hardened mode is recommended for users that are involved in risky behaviour e.g. frequently downloading apps from untrusted sources, such as torrents.