- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the compliment, but I want to temper your enthusiasm slightly. From page 83 of the ThinApp 4.6.1 PDF:
ChildProcessEnvironmentExceptions
The ChildProcessEnvironmentExceptions parameter notes exceptions to the ChildProcessEnvironmentDefault parameter when you want to specify child processes. When you set the ChildProcessEnvironmentDefault parameter to Virtual, the ChildProcessEnvironmentExceptions parameter lists the applications that run outside of the virtual environment. When you set the ChildProcessEnvironmentDefault parameter to External, the
ChildProcessEnvironmentExceptions parameter lists the applications that run in the virtual environment.
Examples
You can specify exceptions to running child processes in the virtual environment. When the virtual application starts a notepad.exe child process, the child process runs outside the virtual environment.
[BuildOptions] ChildProcessEnvironmentExceptions=AcroRd.exe;notepad.exe
ChildProcessEnvironmentDefault=Virtual
Why should this be cause for concern? I can't say with certainty, but I see the potential for exposure to security risks when processes are handled in non-default ways. In the example above, Acrobat Reader and Notepad will launch and run outside the virtual environment. Same is true if you utilize these switches to accommodate the svchost.exe issue. Has this approach worked for me with some applications? Yes. Am I still a little concerned that processes are being kicked off outside the bubble? Yes. I don't know if security is diminished via this setting, nor do I have any concrete evidence thereof, but I thought it warranted further explanation.