Allow Sandstorm to show every request to help debugging
Sometimes I find Web sites that appear to be unresponsive unless I add an exception to the XG to skip Sandstorm scanning for them (or create a clone rule that has "Scan for zero-day threats with Sandstorm" disabled.) I spent over three hours with Sophos tech support trying to figure out why this was happening because nothing was showing in the sandboxd log, and it couldn't be set to debug log level to confirm if this is a bug or if Sandstorm is working as designed.
So please add a debug log level option to sandboxd and allow it to display in the Detailed GUI log viewer to aid troubleshooting issues like this.
Version 18 will provide a lot more informaiton around Sandstorm activity, in the report and in the log viewer.
One such site that Sandstorm doesn't like at this time is software.garmin.com.