An apparatus includes a memory and a processor. The memory stores a first list of applications that includes a first application and a second list of applications that includes a second application. Each application of the first list is assigned to a first trust level, indicating that a probability that the application is malicious is less than a lower threshold. Each application of the second list is assigned to a second trust level, indicating that a probability that the application is malicious is greater than the lower threshold. The processor determines that the second application transmitted a communication destined for the first application, and that the first and second applications are assigned to different trust levels. In response, the processor determines that a probability that the transmitted communication is malicious is greater than a threshold and prevents the communication from reaching the computer system of the first application.