There is from years an option to lower rights for chosen aps...in some period of time this module was called "Sandbox". Info from help file "Restricted Apps tab SpyShelter Restriced Apps uses a restricted SID and hooks in order to protect your PC. This features allows you to choose applications that you want to run with lower privileges. Applications running in restricted mode have limited access to system resources such as registry keys, files, webcam, microphone, keylogging, hooks installing, usual administrative tasks (such as stopping, registering, running services and drivers) and so on. Other restrictions for applications running in restricted mode include: 1) Registry hive HKLM are not writeable (access to other registry keys can be also limited). 2) Restricted file access (as you can see in the appropriate SpyShelter tab). 3) Restrictions on other system objects (based on system security settings). 4) All dangerous actions are blocked automatically for applications running in restricted mode. 5) Children of restricted processes are also restricted. This mode can be used for running Web browsers, email clients, instant messengers, or any unknown program." You are right...a bit more advanced network monitor was mentioned on our (Polish) forums as a users suggestion but at this time no results of it. Similar was with feature like "process monitor" which can be useful and was in the past in most of HIPS/BB aps as you know for sure. Of course SS has his own list of active processes but as I remember it's only accesible when you don't want to encrypt keystrokes in specific app - an option "Do not encrypt keystrokes of processes specified below"/"Select a process from the list..." - and doesn't offer some others commands.