defence+ not blocking program

I have sand boxed a program and i also created a rule under the computer security policy/customize/run executable/ exclusions/ blocked applications tab/ and added svchost.exe
(in order to prevent the program from using svchost.exe)

yet when i re-start i find the program running in the sandbox and using svchost.exe which i thought should be blocked…

is this because it is in the sand box and the computer security policy does not apply?

if a program is running the sandbox it follows the rules set by the level of the sandbox its set at (partially limited, restricted etc.) if you want to create your own rules for a program you will have to remove it from the sandbox and create rules in the computer security policy.