“Automatically detect installers\updaters and run them outside the sandbox”
I need some clarification please… Does this mean any installer\updater is run outside of the sandbox? Regardless of if it's on the whitelist or not? Trusted\untrusted?
Installers might not work correctly if automatically sandboxed:
If that option is enabled, safelisted installers will not be automatically sandboxed, but not-safelisted installers (or applications with an elevation manifest) will trigger an elevation alert before execution.
Even if that option is enabled, some installers might not be recognized and will be automatically sandboxed (e.g. if they don’t have an elevation manifest): in that case the workaround is to append words like setup (or installer) to the installer name (D+ installer detection might work in a similar way to UAC Installer Detection Technology).
Ok, great. Thank you
There is another aspect I recently reproduced which might be necessary to point out:
When ‘Automatically detect installers\updaters and run them outside the sandbox’ and the sandbox are enabled, some unrecognized applications which are not installers might trigger elevation alerts (safelisted applications might get such D+ elevation privileges automatically):
Allowing such elevation alerts for those applications will also allow such an app to launch other 3rd party unrecognized apps outside the sandbox:
e.g.:
Process Hacker application will usually trigger a D+ elevation alert.
CLT will usually trigger elevation alerts as well upon execution.
If Process Hacker is allowed to get D+ elevation privileges and it is used to run CLT (Hack menu\Run… entry), no D+ elevation alert will be triggered for CLT.exe and CLT.exe will be treated as safe, get full privileges and run outside the sandbox.
I assume that on Vista and later OSes CLT should still trigger UAC elevation alerts or run under limited privileges (whenever UAC is enabled or a limited account is used).