Well, I have spent many days on researching this problem and I have the answer.
First of all, it is NOT Windows Defender; it is built into the UAC. Part of
the Best Practices programming interface is for there to be a manifest file
(either embedded into the program or else as a text file in the same
directory as the program). Among many things that this manifest file does
(if it is external it has a suffix of .manifest) is indicate the security
level required. It can be Administrator, highestavailable, or asinvoker. If
you have signed in as an administrator, then this program will be
automatically blocked. You can then right click, run the program, and then
you will get the allow/cancel prompt. I have been advised by a
programmer/analyst that this procedure is to avoid confusion about where the
allow/cancel prompt is coming from. If you booted without that dual
indication, you might not know whether it was a legitimate program or not.
Makes sense in hindsight.
You can always turn off the UAC, but that is definitely NOT advisable under
Microsoft's security protocol.
However, it is a pain because of the double prompts. There is an easy
solution. If you know that a program requiring administrative permissions is
being run at startup, the first thing to do is to determine from where it is
running. If from the run in the registry, then remove it from the registry
and create a .bat file (remember those?) that runs the program and then place
it in the Startup folder. Similarly, if it is run from the Startup folder,
merely create the same .bat file and run it from within that bat file. Since
the .bat file does NOT require administrative privileges, it will run with
only the allow/cancel prompt. To me that is an adequate solution.
If there is a .manifest text file in the same directory as the startup
program, just changing the privileges to "asInvoker" will also solve the
problem. There is a danger in this however. If that program calls other
programs that require administrative privileges, then you run the risk of
compromising your computer's security. You need to understand what the
bootup program is doing. If it is overclk.exe, for example, a part of the
ASUS capability of overclocking the BIOS from within Windows and this is your
personal computer, no problem. Other programs, however, are more complex and
so you need to be careful and research thoroughly.
Finally, I believe this process to be a hole in Microsoft's security. What
is to prevent a malicious script from inserting a .bat file into the startup
folder and running some program that a novice user is simply going to say
"allow" to? This is the first time I have seen this question raised and I
believe it to be worthy of Microsoft's attention.
I hope this detailed response has helped you. Credit goes to the technical
team at Winbatch (www.winbatch.com) for suggesting the solution to my
problem. For further information about .manifest files, please go to:
http://msdn2.microsoft.com/en-us/library/aa480150.aspx
Good luck.
Albert
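For readers who want to see what the manifest setting discussed in the post looks like, here is an added example (not part of Albert's post) of an external application manifest; the program name `startuptool.exe` is a placeholder, and the file would be named `startuptool.exe.manifest` and sit beside the executable. The `level` attribute is the declaration UAC reads: `requireAdministrator` produces the elevation prompt at launch, while `asInvoker` runs the program with the caller's existing token and grants nothing extra, so any child process that actually needs administrative rights will still fail or prompt on its own.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- startuptool.exe.manifest (placeholder program name, added example) -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0"
                    processorArchitecture="*"
                    name="Example.StartupTool"
                    type="win32"/>
  <description>Placeholder startup utility</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <!-- Elevation requested at launch; UAC shows the consent prompt.
             Change this value to "asInvoker" to run without elevation, or
             to "highestAvailable" to elevate only when the caller is an
             administrator and otherwise run as a standard user. -->
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
```

If the executable already carries an embedded manifest, the embedded copy takes precedence and an external .manifest file is ignored, so check the binary's resources before editing a file beside it.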