Sadly, the problem with Aegis comes with its policy; currently, you are still to see <sarcasm> "the best of it" </sarcasm> : its current policy is rather allowing to applications from the unknown source (aka unsigned applications). How this policy will be in later firmwares is something I don't know. The hints that are in the current firmware's restok.conf file do not look good, but for the time being, I am giving them the benefit of the doubt.