I want all executables from anywhere but C:\ to go automatically in sandbox, but I don’t know how!
I tried launching an empty .bat (.bat is included in the built-in executable group I’m using) put on a different location than C, but I get a normal hips alert (block/allow it).
I already made a custom group which includes most of the possibles drive except C:\ and the rule is enabled and I also already read the help page, but it still doesn’t work.
On a side note (unrelated to previous problem): I had a digital unsigned (and supposedly safe) .exe put on a pendrive and when I launched it, it asked me if I wanted to allow it, block it, or even run it in a sandbox, with the latter option never happened in an hips alert before! How can I make it a default behaviour for every executable?
Also oddly, for this alert I saw in the logs for the first time some key-words put in bold, never saw this before either!