looking into Defence+ → View Active Process List I see that there are several Unknown applications run on my computer, but none is sandboxed (Sandbox level = Disabled). What’s up? Sandbox is enabled, Defence+ too. The OS is Windows XP SP3.
Though the documentation does not point it out (or at least I haven’t found in anywhere), the “Defence+ Settings → Execution Control Settings → Treat unrecognized files as …” checkbox must be checked. Enabling the sandbox itself is not sufficient.
On the other hand, it does not seem necessary to have the Image Execution Control enabled.
Image Execution Control keeps an eye on everything that gets loaded into memory. .See Execution Control Settings. It’s a layer of defense.
I would expect so, but when I disabled it, (newly executed) unknown programs still became sandboxed.