I'd have to disagree with this as well. I use an older sandbox application and it also verifies checksums and alerts when a program changes. The reason is simple - as a "trusted program" you have given it certain rights that non-trusted programs don't have. Since there are a lot of malware that either modify or replace known programs, they could overwrite a trusted executable and therefore get all the rights that your HIPS or firewall allows that program. A checksum verification is to prevent and alert that a "now different" program than was originally approved is trying to use those trusted settings. I think that there is a different feature that would be more appropriate for getting the functionality you want, rather than weakening the entire "trusted" program capability and possibly allowing malware to slip past, that would be some sort of exclusion capability. I think OA has the ability to exclude programs or maybe just directories... http://support.online-armor.com/forums/viewtopic.php?p=19842 If you feel something is so trusted that you don't want the HIPS or firewall to alert you about it, then excluding it might accomplish what you want. I'd rather a vendor provide that kind of capability versus allowing any and all trusted programs to change without any type of alert or notice. Heck, notepad could be replaced with a trojan and since most people automatically assume notepad is okay, the trojan would run fully trusted.