See the attached image. Are the 2nd and 3rd “Run virtually” rules even required if I have the first one set to Any - Any for all sources and all applications? To me it seems like I don’t need them since the first one should catch any app from anywhere. Am I right?
[attachment deleted by admin]
Most likely you’ve changed them previously but forgotten? Below you can see how it looks like by default in Internet Security Config.
Edit: sorry I misunderstood the question, yes if you edit the rule in question then the other two below it are useless and you may remove them.
[attachment deleted by admin]
Is it even possible to create a rule which doesn’t actually sandbox the file, but does “bind” Behavior Blocker to to that file/process? That would be rather cool if you for whatever reason don’t want to use sandboxing because it interferes with your work too much, but you still want Behavior Blocker to keep an eye on unrecognized apps behavior. Which is probably far more resource friendly than Behavior Blocker monitoring ALL files, even the trusted ones. Unless trusted ones are excluded by default if you set Behavior Blocker to analyze all files and not just the sandboxed ones…