I've tested adding Steam.exe to the auto-sandbox whitelist, and it does not affect whether or not avast sandboxes a program launched by steam.
@ DavidR:
I honestly don't see what the problem with adding that feature. You can already whitelist entire folders from the FSS using the Exception List. This is just a little more secure. We're doing a check instead of an ignore. We are saying, "Okay, was this program launched by a white listed program? Yes? Run it without sandbox. | No? Sandbox it.". Where as let's say I add an exception to the FSS instead, there is no checking. It's just ignoring anything in that folder/sub-folders.
And I'm not saying that if I whitelist steam.exe, that there is infinite inheritance down the line. For instance, let's say I tell steam to launch my game. My game goes to launch a secondary '.exe'. My game isn't whitelisted to launch other exe's, so avast can go ahead and check to see if it wants to sandbox it as well, or even opt to try and sandbox the first exe. I'm sure the logic behind that would be more complex than what I'm saying, but you get the idea.
On-top of that, if I'm adding an exception to Avast concerning a program to whitelist, I'm already taking the risk and responsibility if there is malicious code. I generally trust the content in my steam folders. Steam put it there (Most of the time). If avast is sandboxing a game, there is a high probability I'm just going to ignore the sandbox warning anyways unless I don't recognize the URL or game.
So, Yes while I'm lowering my security by placing trust in a program (steam.exe) and looking for convenience, I don't want total lack of security either. I'm looking for a balance between some sense of protection and not having to whitelist every game I install off of steam.
So, the moral of this entire thread? I'm lazy as hell.
