Here's a descrtion of a "Network Activity" Conviction mode from the online Help. This section is specific to Clarity/Cisco Security Connector (eg the iPhone connector), but I'm reasonably confident it applies across the board.
Conviction Modes
Conviction Modes specify how the Clarity module of the Cisco Security Connector responds to suspicious network activity. There are three modes available:
*
Active Block checks that the traffic is not destined to a malicious or blocked address before allowing the connection. This provides the highest level of security but there will also be latency with each network connection.
IMPORTANT! Even in Active Block mode connections will eventually be allowed if the device is unable to reach the Cisco cloud to check the disposition of the destination address.
*
Block allows network connections while simultaneously checking if the destination address is malicious or blocked. The initial connection will be allowed but all subsequent connections to a malicious or blocked site will be blocked.
*
Audit will allow all connections but any connections to malicious or blocked sites will be logged.