Not selecting sigflags value for a sandbox execution options list of services that may not run results in Q01 service flag sigflags attribute being dropped from minus file.
1. Create a 6.0 policy with strategy=basic 2. Edit the policy 3. Click Advanced option 4. Under Advanced Policy Settings, click Sandboxes 5. Scroll down to the "Fully Open Sandbox" and click Edit 6. Under Sandbox Execution Options, check the Edit box next to "Programs the Fully Open Services may not run" and click Edit 7. Click Add 8. Enter C:\test.exe for Program Path 9. Leave Signature Flag blank 10. Enter NoRunRuleName for Rule Name 11. Click OK 12. Save the policy 13. Apply the policy to an agent
Minus file should contain sigflags value containing value for service flag (Q01)