Hi Bob,
thanks yet again for great feedback.
Regarding "Trust Apple and App Store applications": that caption is wrong and changing it is in the pipeline. While this option causes us to trust App Store applications, trusting Apple applications is not an option; we now have a (rather too short) whitelist of apps we trust. The issue is that "when it can be coerced to damage files, we cannot trust it". E.g. we cannot trust unlink even though it is an Apple binary.
As an addition, adding stuff like bash to a whitelist will basically allow script-based ransomware to wreak havoc. And Finder is even worse - any process can delegate work to the common instance of the Finder process without us having a clue on whose behalf it is working; and since osascript can turn Finder into "unlink"... I am afraid there is no alternative to the current implementation.
Regarding the wish "Trust this app from now on": it is something we want to have and it is in the pipeline, but due to issues with the current implementation of the popups (we are working on a rewrite but it takes time) we are not able to add it there in the immediate future.
Regarding the disk image mounter: a generic solution for these popups when mounting read-only images seems possible; I will add it to the pipeline.
In general, Ransomware Shield is meant to protect rather static data, as only modification and deletion of files can (well, should...) trigger popups. Ideally the files should be edited by specialised applications which Avast should ideally trust by default or which can be whitelisted manually. Any other use case will lead to popups; it is the user's decision if it is worth it. Of course we will attempt to make it as seamless as possible and welcome any input from the users, but there is only so much that can be done.
Kind regards,
Ondrej Kolacek