Forum Discussion

szilvaa's avatar
szilvaa
Copper Contributor
Sep 15, 2020

Are child processes "break away" or not by default?

Hello, I'm experiencing some difference in behavior between Windows 10 2004 and earlier versions. Here's my scenario: I'm creating an MSIX package for my application. I want my main executable a...
TIMOTHY_MANGAN's avatar
TIMOTHY_MANGAN
MVP
Sep 16, 2020

szilvaa I believe that this is a change in the 2004 Runtime.  

 

Prior to 2004 OS, my experience was that by default child processes would run outside of the container, but now on 2004 breakaway is disabled.  My recollection is that if I controlled the process launch, the controls you show could be used to control breakaway previously, but now on 2004 those controls are ignored.

  • szilvaa's avatar
    szilvaa
    Copper Contributor
    Sep 16, 2020

    TIMOTHY_MANGAN Thanks!
    Yeah, in the meantime I figured out that child process breaks away if the exe image is under AppData (i.e. LocalCache). The child process does NOT break away if the exe image is in VFS. This makes some sense. 

    So, my "only" remaining problem is that PROCESS_CREATION_DESKTOP_APP_BREAKAWAY_DISABLE_PROCESS_TREE does not appear to work at all with 2004. The process launched with this flag does not "see" the containerized files and registry keys. I need this flag to work so that child processes whose exe image is in AppData  will remain in the container. At this point, I don't have any way to force this.

    • szilvaa's avatar
      szilvaa
      Copper Contributor
      Sep 16, 2020

      For good measure, I also tried to combine PROCESS_CREATION_DESKTOP_APP_BREAKAWAY_DISABLE_PROCESS_TREE | PROCESS_CREATION_DESKTOP_APP_BREAKAWAY_OVERRIDE but it doesn't help.

      The documentation for PROCESS_CREATION_DESKTOP_APP_BREAKAWAY_DISABLE_PROCESS_TREE is "interesting". It doesn't say anything about the "process being created". It only talks about child processes of the process being created. The documentation for PROCESS_CREATION_DESKTOP_APP_BREAKAWAY_OVERRIDE is does talk about the process being created so the combination should definitely work. 

      This appears to be a bug. Do you know how I can report these?

      • TIMOTHY_MANGAN's avatar
        TIMOTHY_MANGAN
        MVP
        Sep 16, 2020

        szilvaa There is a chance that one of the Microsoft Engineers will respond here, but running a test and then entering it using the Feedback Hub on your device would be the way to report this.

         

        I suspect that you will find that this is "by design" now.

         

        An interesting thing to look at is to use Process Explorer (started with RunAsAdmin) and look at the "Jobs" tab.  The Container is where Microsoft sets the Breakaway by setting it in the Job of the first process inside the container.  This is what changed in 2004.  Any breakaway controls placed on the job appear in the lower pane.