Have you already any idea how to improve the whitelist using DACS?
What about something like this:
If after 2 weeks of an undetected file by DACS the file remains undetected, the file goes to the whitelist. The file also need to be seem several times, so you can be sure that the file is quite extended, so have more chances to be a popular safe file
Is not 100% perfect, anyway you are having problems with some trusted certificates in malware so I guess that this process is not completely manual either