I have been searching for an explanation for this undocumented registry key but all I could find was some reference to taking ownership or running as Administrator, without really explaining what that particular registry value (not key) is designed for.
I also found this link that suggests that:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
is related to spyware. Is this true? If so, how?
Any idea what this "IsolatedCommand" value is about, and why would Microsoft create a registry value that would help spyware?
Best Answer
What you're seeing is apparently a symptom of Win32/FakeRean. Briefly,
When Windows is trying to determine what to do with files of any given type, it generally consults the HKLM branch in the registry for an entry for the desired type. However, if you've ever installed software that asked if you wanted it to be available for you alone, or for all users of the machine, you've seen a feature that's built in to Windows. When you say "Everyone," its registry entries are generally written to the HKLM hive. If you said you alone, those entries generally go to the HKCU hive. What Win32/FakeRean is doing is putting entries in the HKCU hive which take precedence over those in the HKLM. For executable files, that can be bad.
Unfortunately, I can't find any documentation for the IsolatedCommand key (I've consulted both TechNet and MSDN) but from its name, I'd guess that it controls how a process is created. I can tell you that it is normal and required in the HKLM hive.
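A read-only check for the situation this answer describes, added here as an example and not part of the original answer: it lists per-user (HKCU) entries that would take precedence over the machine-wide open command for .exe files. It assumes the stock handler string is `"%1" %*` for both the default value and IsolatedCommand; the helper name Get-OpenCommand is hypothetical.

```powershell
# Added example: list per-user (HKCU) entries that shadow the machine-wide
# open command for .exe files. Read-only; nothing is modified.
$Expected   = '"%1" %*'                      # assumed stock handler string
$ValueNames = '', 'IsolatedCommand'          # '' is the key's default value
$Hkcu = 'HKCU:\Software\Classes'
$Hklm = 'HKLM:\SOFTWARE\Classes'

function Get-OpenCommand {                   # hypothetical helper name
    param([string]$Root, [string]$Class)
    $path = "$Root\$Class\shell\open\command"
    if (-not (Test-Path -LiteralPath $path)) { return }
    $key = Get-Item -LiteralPath $path
    foreach ($name in $ValueNames) {
        # Read the raw string, without expanding %VAR% references
        $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ($null -ne $data) {
            [pscustomobject]@{
                Hive    = $Root.Substring(0, 4)
                Class   = $Class
                Value   = if ($name) { $name } else { '(Default)' }
                Data    = $data
                IsStock = ($data -eq $Expected)
            }
        }
    }
}

# A per-user .exe key can also point the extension at a different ProgID
$classes = @('.exe', 'exefile')
if (Test-Path -LiteralPath "$Hkcu\.exe") {
    $progId = (Get-Item -LiteralPath "$Hkcu\.exe").GetValue('')
    if ($progId) {
        Write-Warning "HKCU maps .exe to ProgID '$progId'"
        $classes += $progId
    }
}

$userEntries = foreach ($class in ($classes | Select-Object -Unique)) { Get-OpenCommand $Hkcu $class }
$machine     = Get-OpenCommand $Hklm 'exefile'

"Machine-wide exefile command (reference):"; $machine | Format-Table -AutoSize
if ($userEntries) {
    "Per-user entries that take precedence:"; $userEntries | Format-Table -AutoSize
} else {
    "No per-user override of the .exe open command found."
}
```

Any row in the per-user table with IsStock set to False is the kind of HKCU entry the answer describes as taking precedence over HKLM.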