This is a hard question to make so I will do my best.
In D+, Sandbox Settings, we have 2 options:
Automatically detect installers/updaters and run them outside of sandbox
Automatically trust files from trusted installers
With the releases of digi-signed malware, I ask from professionals/experts this:
Is it better to turn on for ease of use or turn off for security?
Languy, what would your recommendation be?