I'm not sure what you are asking about...
Who performs tests when starting an application? Well, the File System Shield does... and, as an auxiliary result of that scan, the information about the "autosandbox suspiciousness" is returned - and used. Note that the AutoSandbox settings are in the File System Shield settings.
The Behavior Shield isn't really part of this... because the decision on whether to (auto)sandbox the application or not has to be done in advance, before the application is really started - while the Behavior Shield monitors the behavior of the application when it's already running, i.e. later.