I have a suggestion regarding the overall protection capabilities. Developers can maybe consider this suggestion for future releases.
My idea is to implement a sandbox for suspicious files.
The "Open File" option that is currently available on the "Suspicious File Alert" can then be replaced with "Run in Sandbox", or something more user-friendly.
This will allow users to work seamlessly with low-prevalence/unsigned files, without these files being able to access critical resources and information, or wreak havoc.
It might also work as a selling point for advanced users.