As I suspected, they are specifically running explorer.exe
with the /select
parameter, using an API (CreateProcess
) that we can't intercept.
You could try contacting the developer and asking if they would consider changing to use the SHOpenFolderAndSelectItems
API call instead, which we would then be able to intercept.