Do you get the alert for Explorer starting the installer or is it an alert for the installer?
In case the alert is for the installer you can give it the Windows System Application policy which is also allowed to start other applications without asking for permission. Just don’t tell it to remember the rule.
Can you check under Sandbox Settings if “Automatically detect the installers / updaters and run them outside the Sandbox” and “Automatically trust the files from the trusted installers” are enabled or not? Or post a screenshot of Sandbox Settings?
Good question. I don’t know for sure; I am starting to loose some of v5’s very specific details.
I would say start with enabling the Sandbox and “Automatically detect installers an run them outside the sandbox”. That’s a combination I know works. You can then always see what happens when you disable the sandbox.
Enabling the Sandbox will not influence how CIS works for you. It is for executables you want to specifically run in the sandbox either because they are not automatically sandboxed or you want to run them with added functionality like virtualisation and/or a different sandboxing level than the automatic sandboxing.