When app gets automatically sandboxed, you can click “Don’t isolate it again” in the bottom right corner of the popup and the file gets instantly excluded, no questions asked.
While the idea is good if you know its a clean file, it can now turn into a disaster if you click it by mistake on a malware sample. In CIS5 HIPS would still prevent damage but in CIS6 i’m not sure if it would.
So, if you click “Don’t isolate it again” in the Auto Sandbox popup, ask user if he is sure that the file is clean.
I know it’s an additional step but it’s for the users safety.
And while we are at it, i’d also like to have an option to disable this button on Auto Sandbox popups so user cannot even click it. It would be useful for systems where users don’t have much clue and you don’t want them to make such mistakes or even intentional exclusions…