yea yea 120 days... blah blah.
I actually agree with the OP... this area does need alot of improvment... >_>
though for me this is only a minor annoyance, rather than something to stop me from using it...
also, it doesn't sandbox for every case... it actually deals more with HIPS, but the issue is the same regardless...
(the issue being programs aren't remembered)
I have a program called "Nitrous Desktop" which is a trusted program for collaborative development.
upon startup, it launches a copy of itself from the user-temp directory, where about 3-4 exes need to be verified each time.
(I must've allowed this program (checking "remember") about 80 times by now)
I must note, while this program IS trusted, it's extremely WIP which is why it looks malicious.
I could suggest something simple such as putting the name of the exe in an allowed location in the HIPS settings...
or you could go a little more complex and store a copy of the exe for comparison... if it doesn't match, throw a note.
for an example of something that IS sandboxed...
I have a cracked Minecraft launcher because I don't have a credit card (1) and can't afford the game (2)... blah
upon startup after the thing updates, it gets sandboxed.
(I havn't found any threats with the launcher, so I do believe it's safe)