RejZoR is right, but I have some comments. Autosandbox is triggered only on the first suspicious file, i.e. all child processes are sandboxed automatically if the parent process is virtualized. What does it mean in fact? If the main installer is trusted, it usually unpacks a few/lot of files in temp folder. Every such executed app from temp will mean a garbage in our exclusion list. Autosandbox exclusion list will be probably improved in R4 update (say in ~3 months), there're several limitations in the current avast version I don't like (all paths are bound with volume letter, stored in avast5.ini, etc). I don't like hashes, because their computation is quite slow -- but I can realize combination of filepath & hashes (e.g. temp exclusions can be recognized by hashes, others by filepath). This won't fix all problems, but it'd help a lot. The other problem is with avast global exclusion list, we can think it over for R4 build.