System-wide sandboxing of all non-system software

[ghost]

It would be great if Sandboxie could:

• Scan selected drives and directories for executable files
• List scanned files and directories
• Allow users to easily select all apps they wish to sandbox or sandbox all apps
• Allow users to disable/enable permissions for each listed app based on desired criteria without having users create sandboxes for each app

It would be kind of what Microsoft tried to do with UWP apps and "Privacy & Security" settings where it allows user to select permission for UWP apps to access music, video, and whichever other library directories, but Sandboxie would do that for all non-UWP apps. For example, Windows does not have a network permissions at all. Either the app itself provides options to disable network access or user must do so with firewall settings. That often results in delays or errors if an app continues to try to access the Internet or local network over and over again, but there are no errors or delays when network is physically disconnected. I'd love to be able to just disable network access for whichever selected apps with an easy toggle on a list of apps detected by Sandboxie, but without having to create a sandbox for each app and without denying other permissions. GrapheneOS, for Android, allows disablement of network access to any selected non-system app (via "Network API is Up/Down" switch, I think) and runs each non-system app sandboxed by default. Windows can't do that on its own.

If Sandboxie could become a system-wide suite to take all 3rd party apps under its protection by automatic sandboxing and permission toggles (not just network or any kind), it would be just grand and be a huge blow to Microsoft's UWP system.