Separate Application Network Rules for Sandboxed and Unsandboxed

We all know that CIS now automatically allows outgoing for trusted files, and there are specific “outgoing allow” rules for Windows system applications, which might be used by unrecognized programs, hence the appearance of a security risk.

For example, svchost always has something to do with viruses, and since it’s in the “Windows application” group, it can have outgoing access even if it inherits the “sandbox restriction” from sandboxed viruses, which want to use svchost to connect to the internet.

So my wish here is that a future version can include a feature to divide the Application Rules for applications running sandboxed and unsandboxed.

Thanks.

Edit: Just to add a poll.