1. What actually happened or you saw:
We cannot tell the sandbox to ASK us how to handle a specific file, filegroup, or reputation.
2. What you wanted to happen or see:
I want to be able to have the sandbox ASK me what to do for an entry in the “Auto-sandbox” list, instead of just “Block”, “Ignore”, “Run Virtualized”, and “Run Restricted”
You would create an entry in the “Auto-sandbox” list just like you normally would, but instead you would be able to select “Ask” from the “Action” drop-down.
The popup will also need to be tweaked
a) Block
b) Run Virtualized (with a select box for the restriction level)
c) Run restricted (with a select box for the restriction level)
d) Ignore
e) Treat as…
-Trusted, Unreognized, Malicious
-Remember checkbox
FOR OPTIONS “a” THROUGH “d”:
-If "Remember is checkboxed, add/modify entry in the “Auto-Sandbox” list
–If the individual file is already in the sandbox list, modify the entry to reflect the selection (with restriction level, if applicable)
–If the file is within a group on the list (but not an individual entry), add an individual entry to reflect the selection (with restriction level, if applicable)
FOR OPTION “e”
-If "Remember is checkboxed, add/modify entry in the “File List” to reflect the selection
If the user wants the sandbox to always ask, they will have to add the entry to the “Auto-sandbox” list themselves (this is how it works for the firewall and HIPS).
Moreover, “Auto-sandbox” is a silly name for the list. Rename it to “Sandbox Rules” like you have “HIPS Rules”. This isn’t really worthy of a separate wish.
3. Why you think it is desirable:
The sandbox can really mess up installations and other procedures being done by applications that don’t have the tolerance for failure. I believe we should be able to tell the sandbox what to do for each specific entry in the “Auto-sandbox” list (this includes the file rating).
Moreover, you’ve made drastic changes to the sandbox, but still have three built-in reputation levels that haven’t really been used properly. It’s great that you allow high amounts of customization, but it has become confusing.
4. Any other information:
The relationship between the file list, file groups, and auto-sandbox list is confusing. Instead of adding a file as trusted to the file list when I tell the sandbox not to virtualize it again, it adds an “ignore” entry to the sandbox. I understand that you can set a “trusted” reputation rule, but quite frankly it doesn’t make much sense to even have the file list in the first place if instead of adding a trusted item you add every entry to the sandbox ignore list.
You have 3 built-in reputations, but you don’t use them the way you used to use them; therefore something needs to be changed.
Moreover, I’ve noticed that when it’s added to ignore it nags me every time that executable is run. If I turn off sandbox alerts, then I’m pretty much ruining any chance I have of knowing when the sandbox is messing something up. I will make a separate feature request to have a checkbox to inform the user with a notification every time a rule is fired.