I updated from 7.0.1407 to the R2 beta 7.0.1414 to try it out, but it looks like the default sandbox option is "auto". That would mean that by default, our application is sandboxed and terminated after 10-15 secs, leaving the user the option to open it next time either in the sandbox (recommended) or normally. The average and the cautious user will use the default, but then each time the analysis is done and the application is terminated. Why?
If I change the autosandbox option to "ask" and tell it to run in the sandbox all works fine. So to use our application (and other similar apps), every Avast! user must either allow it to run normally next time and start our application again or a) first find the autosandbox configuration setting b) change it to "ask", c) run the application and d) confirm that they want to run it in the sandbox. This is quite cumbersome and virtually impossible to explain to beginners (large part of our users).
I would like to suggest that the sandbox is ONLY terminated if the analysis finds ENOUGH evidence that the application is malware. Otherwise, explain to the user that the application is being run in a sandbox and changes are not saved and ask if they want to continue. So e.g. change the OK button to a Yes/No/RunNormally button (with the default to Yes) and change the combobox to a checkbox to remember this choice. This makes much more sense.
In the R2 beta it now shows that the reason for the sandbox is that "The file prevalence/reputation is low". Since our application is initially local and updated frequently, this will usually be the case. But it is signed with a trusted COMODO code signing certificate. Again, is there any further documentation on this?