- Aug 2, 2014
- 368
This is isolated info that is good to know but barely answers my original question, why Process Hacker shows chrome.exe processes an integrity level of Untrusted instead of AppContainer. While both @dmex and @ionescu007 concur and quote:Untrusted = low box token
Appcontainer = low-box token modified based on "capabilities" set by the developer of the Metro App.
AppContainers are unrelated to Integrity labels so why should Process Hacker show 'AppContainer' instead of the integrity label value (e.g. Untrusted) ?
Chrome also doesn't use the AppContainer infrastructure and chrome processes don't have any AppContainer SIDs in their process token.
Obviously they and here you guys assume I have knowledge clearly I have not. So it's kinda hard to put together all infosDmex is right, that's actually a 'bug' in Process Explorer.
However here's an actual bug, for a Chrome process, PE shows the NULL SID
correctly/restricted, while PH does not.
Best regards,
Alex Ionescu