The first checkbox is to choose whether or not you want to Enable WormStopper. I recommend that most users leave this option enabled as well.
If you do leave the Enable WormStopper box checked, you can the configure the options underneath it as well to set the thresholds for determining what should be considered "worm-like" behavior.
The first checkbox lets you select Enable pattern matching. Leaving this enabled will allow the ActiveShield WormStopper function to analyze network and email communications for basic patterns that are suspicious or appear similar to the way worms act.
Many worms propagate via email. Sending an email to a large number of recipients, such as your entire address book, or sending separate emails to each address in your address book all at once are not things people normally do and may be signs of suspicious activity.
The next two checkboxes let you establish whether to look for these signs and just how many emails or recipients should be allowed before it is suspicious. You can enable or disable the ability to monitor for how many recipients receive a message, or set a threshold for how many emails in a specified time span would be worthy of an alert.
I recommend you leave these enabled and leave them on the defaults, but adjust the numbers if you find the need, like if emails you mean to send are being flagged by the WormStopper.