"if it can't execute" How redundant is using any sandbox if i use something like SSM in a clean machine, with "disconnect use interface" enabled (essentially the same as AE, blocking by default any new executables without prompts, and then some). What could the sandbox provide beyond this? Or what does the execution interception/ blocking fail to provide? In what scenario (pick any one, but keep it real!)? Any real past examples? Only if i intentionally execute something will the sandbox provide a more robust defense? Or objectively the sandbox will do more? Interesting post, thread Interesting, but i still need some aditional input. Comparing these two types of programs could give me what i'm looking for. I'm thinking of disconnecting the Ui, trading SandboxIE with SSM, which aditionally allows me to lock with a password, and let others use the computer at ease. Or simply use Prevx2, that does basically the same, and monitors my computer for malware (shot in foot and so on). But this input i need to form a final opinion. Forget these names, and focus on the approaches. Maybe provide examples with concrete programs, no problem (DW, GW etc.), as long as this isn't about which is best.