主权项 |
1. A method for isolating untrusted content on a computer device, the method comprising:
intercepting a task from a primary user account prior to execution of the task by the computer device, wherein the task relates to an untrusted content; provisioning a task isolation environment for executing the task, including (i) programmatically creating a secondary user account on the computer device, (ii) determining a printer which is available in the primary user account, and (iii) making the printer available in the secondary user account by populating printer-related user settings in the secondary user account; executing the task in the task isolation environment in relation to the untrusted content; intercepting, by an agent, a printer service request by the task in the secondary user account in relation to the printer; determining, by the agent, whether to allow or deny the printer service request by the task of the secondary user account in relation to the printer; and providing impersonated credentials of the primary user account by the agent when the printer service request is allowed and allowing the printer service request to proceed using the impersonated credentials. |