I have saved a configuration file of all my desired settings that I believe will grant me the most reliable, confident security. These settings included all heuristics on high, since the help file states that is OK for advanced users. Now, I'm having some fun. I saved a second configuration file with everything on maximum. Then, I saved a third one leaving everything on maximum but turning all components of heuristics to the "whitelist mode," or "Warn when new programs execute that are not trusted." I have learned much about this setting but one thing I still do not know for sure is this: Is there a difference in the prompt that appears for something being generally blocked solely because it is not known trusted, versus when something installs that is most certainly actual malware? This is important. So for instance Sandboxie 3.62's control executable was blocked simply for being not yet known trusted in the database. Due to me trusting the file and the non-alarming nature of the prompt, it was concluded that allowing it was fine. But let's say I downloaded a virus right now, would it give me the same, non-alarming prompt, or would it give the traditional prompt that users receive when a suspicious/known bad file executes? I must say this whitelist mode definitely is a great feature inclusion and I could see myself making use of this! Thanks!