Would it be possible for CIS4 to have different rules sets for different risk areas’s (e.g. the current set selected - deselected in D+ settings)
Normal/trusted files - this could be reduced to installing drivers - direct disk - protected registry keys
My pending files - since the user is unsure treath them with the default rules set of protection modus chosen by the user. Preferably the highest set: only offer an option to not show pop-ups, but report only to the heuristics module.
Programs in sandbox - since this are obviously the most suspicious programs