I understand your position for CIS although somebody would try to run it out of the sandbox thinking that is safe and is not working because a sandbox problem but for CAMAS have you found malware able to do the same thing?
If there is any I think that you should try to fix it to cheat the malware allowing to CAMAS to give the proper verdict.
I think Axxxx’s point is that the user may be tempted to make it trusted if no attempts to do anything naughty are logged when it is in the sandbox.
But that’s not how we want users to use the CIS Sandbox, I think. We want them to wait until C pronounces it safe or until they are able to be sufficiently sure by other means (eg provenance, Valkyrie + CIMA, other users etc) that it is safe.
Still it is very useful to know if some malware do this. Ta Axxxxxxxx