What Harlan is saying is these restrictions apply to the apps and processes that have been put in the relevant group. It does not apply to any actions you or other users perform in folders, as these actions are done via the trusted explorer.exe. To restrict other users from accessing, changing and deleting files, you will have to create user accounts for them and manage the folder permissions in explorer accordingly.
If some ransomware script or executable wants to access or change resources (folders) you’ve added as protected, this will be blocked.
Also, you can see restrictions as Harlan explained or by accessing this:
support.kaspersky.com
There is no sandboxing, ignore the bot.
Kaspersky uses dynamic emulator (like many other AVs if not all) to execute instructions of interest and monitor how the app behaves
before you execute it.
This allows for more efficient detection of packers and obfuscated malware.
The higher the heuristic aggressiveness level, the more instructions are emulated, according to Kaspersky documentation.
Dynamic emulator is
not related to Intrusion Detection.