Instead of allowing an unknown program to either run in the sanbox, or deny it, there should be an option to suspend a program while the application is analyzed in the cloud, then a result will be sent back and allow the user to “resume” loading the program instead of having the user run the program in the sandbox or deny it all together and then have to load the application all over again after the application is looked up.
The image execution can be set to consider unknown apps as untrusted, ect. but this is too automatic.
Say a user wants to install a program. Comodo will alert program.exe is unknown, do your want to
Allow (continue installation anyway)
Deny (do not install)
Sandbox (install in sandbox)
Suspend install (and Lookup/analyze in cloud)
Comodo has analyzed the application by installing it in the cloud and found no malicious activity. Do you want to
After the install is complete, maybe there would be another prompt when the program is launched…
Comodo has previously analyzed this program by installing it in the cloud and found it to be safe. Do you want to launch it?