I think everyone would agree it is best practice to only run safe code on any machine.
If that is the case, then why not only have one classification that really matters, which is Safe / Clean, and then have another classification call Not Safe, which contains any file that does not have a Safe verdict, whether it is malicious or not?
Here is a quick analogy. If you only like green M&M’s, why bother trying to figure out how good or bad the other M&M’s are? Why not simply eat only the green M&M’s?
I understand that VS / WLC does this backwards from the industry standard, so my question is, what are the downsides to doing it this way? Maybe I am wrong about how I have always viewed safe files, and maybe we need to change to the industry standard.
On a side note, I have felt this way since 1983 when the movie War Games was released, and I was downloading games and code from BBB’s. I told myself, I am only going to download the code if I am certain it is safe.