Interesting discussion.
Has anyone tried to see if there is a difference in this behavior with Enhanced Protection Mode off/on?
There was a time when CIS used a different virtualization tech with EPM on. Dunno if it still does.
Kind regards
Mouse
Merged reports and updated in tracker
I have “Enhanced Protection Mode” on because I’m running Windows 10 home 64bit
Its important to note that this only applies to applications that require administrator/elevated privileges so any other application can be restricted by whatever sandbox restriction level set by the user will take affect. In this case AntiTest requires admin rights as noted by the UAC shield on its icon, so this only really effects installer/updater type applications which you shouldn’t put a restriction level on in the first place.
Thanks for the clarification, but this can be used to bypass the auto-sandbox