Hi,
Before I get into sandboxing, you need to implement "Only scan modified or new files" in System File Protection.
If you did that, more users would keep the File System Protection on as performance would dramatically increase particularly after full-system scan. I don't want Avast to scan firefox.exe each time I start it, if the file properties of firefox.exe remain the same. Unnecessary loss of performance. Where's the option to skip files/archives over X amount of MBs?
Now, I introduce to you Hybrid Mode; an alternative System File Protection shield.
Options:
1. Auto Sandbox Signature Based (doesn't scan inside file, looks up the files properties in signature database, if it's a hit Auto sandbox.
2. Auto Sandbox Cloud Based (apps user report as malicious are launched sandboxed)
3. Auto Sandbox ( in other words, keep the packer options from other shields)
x Installers
x files with specified file name
x files with specified extensions
4. Auto Sandbox Ask for:
x new executables
x modified executables
x all executables
Note: Upon prompt, whether the user selects run normal or sandboxed, there is a "remember my selection for this file" option. If checked there is a verification prompt, "are you sure?"
5. Auto Sandbox Explorer and Known Web Browsers.
You see, this is perfectly suited to the user who performs manual scans.
It's the options I'm missing.
Great Product.
A Security Enthousiast