Channel: VMware Communities : Popular Discussions - VMware ThinApp: Discussion Forum

DirectoryIsolationMode security considerations


The DirectoryIsolationMode settings are IMO poorly documented in the user manual and everything I find in this and other forums is just a repetition of what's in the manual. I have a number of questions that need clarification.

 

How do you actually configure a captured app to have Full isolation mode? All the manual tells you is that in WriteCopy isolation mode, the DirectoryIsolationMode parameter in the Package.ini file is set to WriteCopy, and that the %Personal%, %Desktop%, and %SystemSystem%\spool directories are set to have Merged isolation mode. First of all, I don't ever see these directories in the final bin directory of the built app. I only see them in the project directory of the captured app. I assume that only the bin directory is needed to run the app, so what role do these seemingly superfluous directories play in the isolation mode?

The manual cautions against the use of the Full isolation mode in the Package.ini file and states that "You can use Full isolation mode as an override mechanism in the ##Attributes.ini files." Which ##Attributes.ini files? The ones in the %Personal%, %Desktop%, and %SystemSystem%\spool directories? Again, how would this affect the final build?

Is there even a 'Full' parameter for DirectoryIsolationMode? No reference documentation of this parameter. I only find one example of DirectoryIsolationMode=Full in the 'Set up Full isolation mode for Microsoft Outlook registry keys' example. I tried a build using 'Full' for the above mentioned directories and got no errors but I see no difference in behavior in the built app. I can write only to sandboxed directories no matter what. I read in the manual, "Between the prescan and postscan capture operations, assigns Full isolation mode to any directories that the application creates during the installation." Yet I see all but the afore-named directories are set to DirectoryIsolationMode=WriteCopy.

Another question I have is how can you get external data into and out of an app with Full isolation mode at runtime once it is built?

Also, can an app with either Full or WriteCopy isolation mode ever copy to and run a process or executable in the physical machine or surreptitiously run an existing executable or process? These are obviously important considerations for any virtual environment and are not adequately documented in the manual or elsewhere. I've been searching for days now for answers.

