I have a suggestion for something that could be very important:
an option to virtualize an installation.
Currently, we have the choice between
- Declaring a process as an installer. That is: giving it all possible rights, without any control.
- Be “popuped” for all potentially dangerous action the installer will do. It is rather sure, because we can control everything, but very boring, in fact hardly doable.
I suggest another option: “Virtualized installer”.
This way, the installer process is virtualized, it believes this job is done, but when it terminates CIS displays a list of all its actions (file creation, menu entry creation, registry modification, etc).
At this moment, we know if it was a safe installer, and we have the opportunity to block some actions, or even cancel all the installation.
Only if we decide to authorize the installation, the files/registry/menu entries are physically modified.
A detail: I would appreciate to have the possibility of saving the installation log file. Even better if CIS have a page memorising all installations.
P.S. This cannot be done with the sandbox, it is not adapted for the installers.