How to configure the sandbox?

I have been watching languy99`s videos at youtube. I saw him turn off the option in sandbox settings callled " automatically detect installers/updaters and run them outside the sandbox"

Is this recomended? Will CIS be more safe with it turned off or will CIS be just as safe with this option default on? I notice that when I turned it off, I got a lot more popups from CIS

this applied to version 4.0, in version 4.1 you can leave it enabled, things have been changed to make it easier to use.

I asked this question before White - answer is that,
This option only applies to trusted\signed\white-listed installers.

Thank you for your answers! O0

I have turned it on and will leave it on