Isn't "Unrecognized files" more confusing now?

In V7 we had “Unrecognized” and “Trusted” lists, and we knew that everything in the “Unrecognized” list ran with some restrictions, and everything in “Trusted” ran without restrictions, and if needed we could (relatively easily) move files from “Unrecognized” to “Trusted”.

Now, due to the more flexible auto-sandbox, not all files that go to the “Unrecognized” list run with restrictions. I mean, looking at the Unrecognized list now, you can’t tell what runs restricted and what doesn’t. And I think that in turn complicates things when you need to manage restrictions “after the fact”.

I think the name still makes sense. However, perhaps some sort of indication as to whether CIS will run it with restrictions or not would be helpful?

The name still makes sense, yes, but managing restrictions is harder now I think.

If we could sort the list by restriction level, that could help manage restrictions.

Alternatively, current auto-sandbox settings look kinda like global firewall settings, but for programs, don’t you think? So if we add an equivalent of application firewall rules but for programs, that would make managing program restrictions very similar to firewall rules (global \ application), maybe rendering the “Unrecognized” list obsolete.

What do you think?

I still think it would probably be helpful to keep the Unrecognized Files list as is, but add a column for whether it will be restricted or not. It’s still helpful to be able to see that all in one place.

However, if some sort of Auto-Sandbox application rules section were created, it could show the applications which were automatically restricted, and the restriction applied to them. The user could then choose a restriction level for each listed application. This would also serve to show only those which were restricted by CIS. This is similar to the wish submitted here, but still different enough that I think it’s fair to submit it on its own.

If you like you can create a Wish Request for this here.

Thanks.

Ok Chiron, here’s the question for you. How would you handle this scenario?

Let’s say you configured auto-sandbox to run files from the downloads folder as "Limited" (if unrecognized).
After a few hours there are 5 unrecognized files (for simplicity's sake, 1.exe to 5.exe) in the downloads folder that have been run (as limited), so those 5 files are in the unrecognized list, along with 10 more unrecognized files that have been run from elsewhere (so they’re not restricted).

So, now you need to change restrictions, so that 2 and 5 would run unrestricted, 1 and 3 would run as partially limited. How would you do that?

Or what “wish” should be implemented to grant this ability?

So you have 1.exe to 5.exe in Downloads folder and you’ve set up auto-sandbox rules to run all files in the downloads folder as Limited, you then want to run 2.exe and 5.exe as unrestricted then 1.exe and 3.exe as partially limited while still having all of these files in the downloads folder?

Create an ignore rule for files 2.exe and 5.exe and put it above the rule that says to sandbox files in the Downloads folder, then create rules for 1.exe and 3.exe to run them as partially limited and again put them above the downloads folder rule.

Yes, you’ll have to create individual rules for each application and it isn’t really an easy solution. I personally think that a new option should be added alongside the “Run Restricted”, “Run Virtually”, “Block” and “Ignore” called “Ask” ← Would probably make many people happy.
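The rule ordering described in the last reply, modelled as an added example that is not part of the thread and not CIS code. It assumes rules are evaluated top-down with the first match winning (as "put it above" implies); the folder path, action labels and function names are illustrative, and `shadowed()` flags per-file rules that were placed below the broad folder rule and so can never apply.

```python
from fnmatch import fnmatchcase

# Constructed rule list for the 1.exe-5.exe scenario. The folder path is hypothetical
# and the action strings are labels taken from the thread, not CIS configuration syntax.
DL = "c:/users/me/downloads/"
RULES = [
    ("ignore", DL + "2.exe"),
    ("ignore", DL + "5.exe"),
    ("partially limited", DL + "1.exe"),
    ("partially limited", DL + "3.exe"),
    ("limited", DL + "*"),          # broad folder rule goes last
]

def matches(pattern, path):
    return fnmatchcase(path.lower(), pattern.lower())

def decide(path, rules):
    """Action of the first matching rule (assumed top-down, first match wins)."""
    for action, pattern in rules:
        if matches(pattern, path):
            return action
    return "unrestricted"           # no rule applies, as for files run from elsewhere

def shadowed(rules):
    """Rules that can never fire because an earlier pattern already covers them.
    Exact for literal paths; a heuristic when the later rule is itself a wildcard."""
    dead = []
    for i, (action, pattern) in enumerate(rules):
        if any(matches(earlier, pattern) for _, earlier in rules[:i]):
            dead.append((action, pattern))
    return dead

def report(rules):
    """Effective action for each of the five files plus one file outside the folder."""
    paths = [DL + f"{n}.exe" for n in range(1, 6)] + ["c:/tools/other.exe"]
    return {p.rsplit("/", 1)[-1]: decide(p, rules) for p in paths}

if __name__ == "__main__":
    print(report(RULES))
    misordered = [RULES[-1]] + RULES[:-1]   # folder rule moved to the top
    print(report(misordered))
    print(shadowed(misordered))
```

With the folder rule moved to the top, every file in the folder resolves to "limited" and all four per-file rules are reported as shadowed.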