1. What actually happened or you saw:
To use Viruscope without Sandboxing you have to either set it to monitor ALL apps (not just sandboxed) or you have to strictly keep the Run Virtually or Run Restricted rules in order to use Viruscope, which removes certain convenience from power users.
2. What you wanted to happen or see:
Add a third option “Monitor without Sandboxing” which gives users the ability to let CIS run files non-virtualized/unrestricted, but still keeping an eye on them with Viruscope (even when it is set to monitor only sandboxed files).
3. Why you think it is desirable:
This way only Unrecognized files are being monitored by the Viruscope (instead of ALL when you disable "Monitor only sandboxed applications"), causing less of a performance drag on the system while still monitoring unrecognized files for malicious behavior and giving the user the convenience of running everything unrestricted if they desire to use CIS in such a way.
Basically the same behavior as Run Virtually/Run Restricted without actually virtualizing or restricting executed files.
4. Any other information:
None, you can ask me if anything is not understandable and I’ll provide you with further details/explanations.