shrivastavaa
Enthusiast
Enthusiast

>>I don't know if security is diminished via this setting, nor do I have any concrete evidence thereof, but I thought it warranted further explanation.

Let me try to answer it,

ThinApp without this parameter will always run all child processes inside the bubble. What does it mean? It means that all the changes will be limited to bubble(merged isolation will still go to system), the child process can access the files inside the bubble (PDC/SANDBOX). And if there is some specifc setting for virtual process; that will be applied.

Though if launched out of bubble, application will be running oputside the bubble, with no control of ThinApp. Which means that it can change system folder and registry (which you may or may not want). It *can not* see inside the folder. And any specific setting for the virtual process will not be applied to it.

Setting could be any thing from privilage to environment variable.(you may ignore this for the moment;)

So if you know your process will not change anything in the system (or you are fine with it doing that), your process does not need any access to the resource inside the bubble. Than you *may* launch it outside the buble.