By default, the process sets kernel_ps, systemd_ps and remote_file_ps do not have a tuning option under file rules and policy access controls, so the user is unable to update these sandboxes using the update sandboxes from violation events wizard. This is expected behavior; however, there is a hotfix to prevent the sandboxes from showing when the wizard is run.
Install the DCS Console 6.9.3 #372 build, or upgrade from a previous build.
Apply the prevention policy to the agents.
Make sure the agent receives the policy, and then reboot the agent.
On the console, go to: sym_unix_protection_sbp -> Update Sandbox from Violation Events
Select the duration and hit Next.
Result:
The sandboxes kernel_ps, systemd_ps and remote_file_ps should not be shown under the update sandboxes from violation events wizard.