I heard that if you have HIPS enabled, and you give installer/updater status to cmd.exe, then it solves the problem that certain programs have with embedded code detection for cmd.exe.
I tried it, and it works.
But is it safe?
Most likely not safe.
Example: an app launched with cmd attempts to kill Notepad.
Embedded code detection ignores an executable launched via cmd. With installer privs, you get no alert when it happens.