Does anyone have an opinion on the usefulness of sandboxing in endpoint protection software such as Comodo? The one boast I believe it has going for it is protection against ransomware, a boast I don't think non-sandbox competitors cannot offer.
I understand the main downside of sandboxing is that, as users encounter executables that are unable to run correctly in the sandbox the user would have to wait for us (IT) to whitelist the executable. On the other hand, since we are already planning to activate application whitelisting via Group Policy this sandboxing-inside-the-endpoint-protection sounds like an interesting alternative.
Thoughts?