Application Instances

Application instances are also known as processes. An application may have several instances running at the same time, e.g. several processes of Internet Explorer. Each process might be isolated or not. Isolated processes could be recognized by colored caption or 'G' letter button.

Usually there are no restrictions on the number of application processes. However, some applications work only with a single active instance by default. For example, all pdf files are opened within a single Acrobat Reader process, acrord32.exe. That leads to a problem when you need to open trusted and untrusted pdf files. In this case, both trusted and untrusted files are opened in the same process, which might be isolated or not. If untrusted file is opened by non-isolated process, then it may perform malicious activity without any restriction. Security border is enforced on per process basis and there is no way to safely open untusted document in non-isolated application. In opposite, a trusted file opened by isolated application cannot be modified and saved properly.

To resolve the issue GeSWall forces certain applications, such as Microsoft office Word, Excel and Adobe Acrobat, to start new processes for opening associated files or documents. Whenever you click on a document associated with those applications it is opened in a separate process. The same happens when document is opened via reference link on the web page.

Additionally, GeSWall starts a new process of Windows Explorer for opening zip archives. An untrusted archive is opened in isolated Windows Explorer window.

Files in isolated window are not labeled as untrusted, but effectively they are untrusted. Clicking on the files leads to opening them in isolated applications and extracted files are labeled as untrusted. Only copying operations do not preserve untrusted label.

Note, that enforcing separate processes described in this section is not supported in Windows Vista.