Security Frustrations - Bundle of Questions (Defender, UAC)

Discussion in 'Windows Vista Security' started by Julian, Mar 30, 2007.

  1. Julian

    Julian Guest

    Frustrated Vista Home Premium user, very IT literate whose stupidity you may
    nonetheless take for granted; your patience is appreciated (but if you can
    live with UAC/Defender you already have more patience than I do)

    I have startup programs I trust that Defender always blocks.

    I don't see the "Alert dialog with Action Menu", just the Defender balloon
    from the systray at startup, so I never see any option to add a program to
    the Allowed Items list. How do I allow programs of my choice? When should the
    dialog appear?

    I have turned off "Auto Start" Real-Time protection, and that didn't seem to
    make any difference either, despite what it says in Help. Any ideas why?

    I also understand that the heuristics used to detect "harmful or unwanted"
    programs include looking for the string "updater" in the file name... I have
    updaters I trust which are also blocked, is there any way to disable just
    this aspect of the heuristics? Or any other way to get them to run silently?

    Misc gripes: program classification: as a startup item Microsoft Windows
    Explorer is classified as Permitted, but as a Running Program (with suffix
    :3088, ?PID?) it is marked Not Yet Classified - what's going on here? Why on
    earth does the Defender's History claim a program name is "Unknown", when the
    app path is in the bottom pane? (but you can only see it if the window is big
    enough). How does a program get its classification?

    And I wish Defender would explain which specific settings catch particular
    programs! Any way to tell?

    Oh, and I know that UAC is supposed to catch programs that require Admin
    privileges, but is there any way on this great green earth to tell it "Yes, I
    know! I have approved this program with Admin password, don't ask me again
    *unless the app changes*!"? [Surely MS could check for program alteration,
    other security apps can!] And why doesn't it say WHAT, requiring admin
    privilege, the program wishes to do/which rules caught it - put it under an
    Advanced button to avoid frightening the masses if necessary, but don't omit

    I kept my XP machines free of problems for >2 years with a combination of
    RegRun (which has an excellent application database behind it), Norton
    Antivirus and Steganos Antispyware; I can't believe how after so much effort
    by MS, Vista security could have been made so unfriendly, intrusive and

    I have already reset my main account to Admin, so at least I don't have to
    TYPE my password at every UAC prompt, which already defeats part of the MS
    objective... if I am just being plain dumb and people can answer the above
    questions great - otherwise I think both UAC and Defender are going to be
    turned off and I'll run security the way I used to...

    Given that not all apps have been adapted to the preferred MS model yet, can
    you tell me how to set Vista/Defender up for peaceful AND secure running?


    Julian, Mar 30, 2007

  2. Wow, Julian. You got my attention. But, since I'm the only user on my
    computer, I was automatically setup as Administrator (I think. Well it says
    Administrator on the User Accounts window.). Remember how in XP the Windows
    Defender was in installation. Well, they took care of that. It's not on
    the "Program and Features" unless they have hidden it somehow. It is listed
    under Program Files on the C: drive. One of the folders I can look into.
    You might check out "Control Panel...System and Maintenance...Performance
    Information and Tools...Manage startup programs".

    If you really want to blow a fuse...take a look at the Event Viewer.
    Children, don't try this at home. One of the easier fixes was that the
    Viewer showed me a file that was missing. Yeh. A search confirmed that the
    file was not on my C: drive (File: I8042prt.sys). Oh, I cleared the log and
    rebooted to make sure it wasn't a false reading. But, sure enough, the
    error reappeared. It cost me twenty bucks to get a copy of the file (you
    don't think Microsoft would make a copy available. The Event Viewer says
    it's missing (not in so many words), but does the Microsoft Update download
    me a copy? Hahaha. I put it into the System32 Folder and guess what. No
    more missing I8042prt file errors.

    I even brought my computer tech in on one error involving the BIOS.
    "IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7,
    function 0. Please contact your system vendor for technical assistance."
    The last I heard he was calling Microsoft for advice on how to resolve the
    error. I don't plan on seeing him again for a while.

    I even went so far as to publish my Event Viewer errors as questions on the
    Windows Vista Community Discussion Groups. Guess what. I have not had one
    reply on any of them. I would like to think that some bright young MVP is
    staying up nights trying to resolve the errors, but something tells me that
    no one wants to have anything to do with them. So, if you have a strong
    stomach, take a look at your Viewer. I have a feeling our friend Kirk has
    never even heard of the Viewer.

    Keep Smiling...It makes them worry.

    William Beard, Mar 30, 2007

  3. Julian

    Jesper Guest

    Frustrated Vista Home Premium user, very IT literate whose stupidity you may
    I've lived with it for over a year, and I'm not particularly patient.
    Click the balloon. If you miss the balloon:
    1. Select "Windows Defender" from the Start Menu:All Programs.
    2. Click Tools
    3. Click Software Explorer
    4. Select the program you want to run and click the "Enable" button.
    That has nothing to do with start up programs. That just governs whether you
    want Defender to protect you from spyware when you read e-mail and surf the
    No, not at all. Defender uses a blacklist to block software that is
    considered spyware, and a heuristic detection to block certain actions
    without approval. Those actions include many of the most common actions that
    spyware take, such as adding themselves to your startup programs, setting up
    proxies in your web browser, or hijacking your name resolution services. All
    of those are used by criminals to hijack your computer, which is why Defender
    blocks them until you approve them.

    It is not Defender but UAC that detects installers in several ways,
    including by file name. That is done so that installers are elevated to run
    as a full admin (with approval) to ensure they always work properly. It has
    nothing to do with Defender and if you disable UAC that detection is turned
    off, and not needed any more.
    Yes, you can disable the installer detection in UAC but it is a registry
    hack. If you do you must manually elevate installers. It won't automatically
    prompt you any more. To disable installer detection run this command from an
    elevated command prompt (one running as an administrator)
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableInstallerDetection /t REG_DWORD /d 0 /f
    A program gets its classification through spynet:
    No but you can turn off the ones that offend you by going to Tools: Options
    and selecting the things you want under "Use real-time protection
    (recommended)." For instance, if you like your spyware to run when you log on
    to your computer then uncheck the "Auto Start" box.
    No. An application can perform a lot of tasks, and can be driven to do so
    automatically by other applications. To use an "always permit" option would
    be most unwise; on par with how other vendors do it in their software.
    Sure, but how do you know that the task you are taking now is non-malicious,
    but the one an application is automating ten minutes from now is not?
    How would you do that? Windows is not detecting that the program is trying
    to perform an administrative task. Windows is simply responding to what the
    program is telling Windows to do. The program tells Windows that "hey, I
    would like to be an admin now, can you ask the user if that's OK?" Windows
    has no a-priori knowledge of what exact task you are about to take with the
    program. Sure, every such task could be automated. To see how that would work
    I just trapped some output from a program that may be taking administrative
    tasks. In three and a half seconds the program took 40,728 actions, many of
    which are administrative. Windows could certainly prompt you for each, but
    frankly, that would be silly. Furthermore, there is no way of knowing which
    actions the program is going to take a priori, hence the lack of a "sure,
    always allow this program for me" option. When writing my latest book I spent
    some time with Symantec's firewall product. It detected a piece of possible
    malware that I executed and asked if I wanted to permit it to access the
    Internet or not. The action it detected was just a lookup of a name. That was
    not particularly sensitive, so most users would hit "Enter" and pick the
    default option, which was "Always allow connections for this program." Only
    if you went through 8 steps to create a custom rule did you get prompted when
    the program tried to upload all your checking account information to a server
    in Russia. The "always allow this program" is a horrible option since the
    software asking you to decide has no idea what future actions this program
    may take.
    What exactly are you doing to make it so "unfriendly, intrusive, and
    obscure?" I'm seriously interested in that. I don't get any of these messages or
    blocks on most days and I have run Vista daily since the day it shipped (and
    before). The only time I get one of these messages is on the rare occasion
    when I install something.
    No. There are three options: secure, usable, and cheap. You get to pick any
    two. Your choice. That's a fundamental law of computing. You are responsible
    for your own security. You can try to abdicate that responsibility to others,
    but, as in the case with my experiment with Symantec's firewall above, it
    usually does not work. Technology cannot solve these problems. Security
    should not be the major part of what you do with your computer, or even 10%
    of it, but in the world we live in today you definitely need to adjust your
    expectations a little if you wish to keep your private information private
    and your money in your checking account instead of the bad guys'.
    Jesper, Mar 31, 2007
  4. Julian

    Julian Guest

    Thanks Jesper...

    Noted info on auto-start, heuristics (Defender vs UAC) and the reg hack
    (filed for reference - much appreciated).

    I also appreciate the points re not having "always permit", especially that
    apps can be driven from other apps... but if the system doesn't give me the
    equivalent of a stack trace, how can I tell whether a request for privilege
    arises from my direct action (which I should permit) or from some malware
    invocation (which I should not permit)? But having thought about this a lot
    and I can see how difficult/nasty it could be either from UI AND
    implementation perspectives.

    I liked your example, but how would Vista security have prevented the upload
    of sensitive data? Each time a dialog popped up you would have said "OK,
    just this once" and not seeing any difference in the circumstances (because
    Vista doesn't tell you) wouldn't you also have said "OK, just this once"
    on the fatal 8th time? (nice "social engineering"!)

    An example of my issue is this: Steganos' "updatesafeagent" runs when I start
    Safe, when I open a safe and when I close it. It is only legitimately
    called by "Steganos Safe" (though I think 3 calls is excessive!). It probably
    doesn't need admin privileges unless it finds an update (which it hasn't
    yet), so that may be Steganos' fault, but I do still trust it.

    Re Defender... Oh, I did indeed feel very stupid (at first, BUT... see
    below) when you said:
    I immediately went to Defender to look for Enable and suddenly realised my
    problem: my screen is quite large and hi res and I have the window
    maximised... being focussed on the app list and info pane, having tried
    right-clicking for a context menu (a logical choice it seemed) I completely
    missed the greyed out buttons in the bottom right corner. Doh! [FWIW I
    rechecked the direct help link "Using Software Explorer in Windows Defender" -
    it doesn't mention Remove/Enable/Disable as far as I can see... ]

    So I selected an app, and guess what? The buttons were still greyed out.

    I worked through every app in the list and sometimes buttons were available,
    but most of the time none were; I can't see the pattern.

    I think the UI design is weak here: right-click/radio buttons would have
    been better: keep action options close to their targets; buttons so far away
    that are nearly always greyed out are not prominent enough.

    Examples: two programs blocked at startup from Reg Local Machine
    "Macrovision Update Service" and its scheduler are classified as "Not Yet
    Classified", and when selected no buttons are available - they cannot be
    enabled (or disabled, or removed)

    LxrAutorun (Reg Current User) which handles my encrypted USB stick is also
    NYC, but has Remove and Disable buttons available. (As I said, I run as admin
    now to avoid retyping my long and secure password each time.)

    Adobe Acrobat (All Users Startup) has no buttons enabled? Can't I remove it
    from startup from here? (Am I expected instead to delete it from the Startup
    folder? That's an inconsistent approach)

    Now, if an app is allowed to run even if NYC (which would account for
    LxrAutorun actually running, which it does) this would not account for
    Macrovision not running. What criteria determine whether an app actually

    And how does "Allow" differ from Enable? I still have an empty Allowed list
    and no idea how I might add an item to it.

    I don't get it at all.
    LOL! If only I knew! Most points above: I have startup items I still cannot
    make run at startup without intervention, despite your help, I have apps I
    trust that I always want to run, and run without prompts because they are
    used so often - if my trust is misplaced then that should be my problem -
    play wailing sirens and fly the Jolly Roger on the screen if you want to put
    people off making such choices carelessly, but at least provide the choice.

    I do not want to disable UAC or turn off Defender because I appreciate what
    they are trying to do for me, but... [da capo]

    And this is Home Premium, so I don't have as many security choices as
    Ultimate users have - unfortunately... I think many of the Home omissions are
    strange/annoying/clever marketing... but that's another topic.

    Jesper, you put a lot of effort into your reply, I really appreciate it.

    Julian, Mar 31, 2007
  5. Julian

    Jesper Guest

    but if the system doesn't give me the
    That is the key problem. There is no infrastructure in the OS to percolate
    that to where the access check happens. Theoretically, one could be built,
    but it would require some low level instrumentation and modification to
    hundreds, maybe thousands, of APIs. That's not a change to be taken lightly,
    especially not since you can't just go modify those APIs. There has to be a
    path for supporting uses that do not understand the new APIs unless you
    intend to break all existing software.
    Yep, that's the problem. One of the gripes I have with UAC still is that it
    does not give people enough information to make a decision yet. That's a
    problem that will take a very long time to solve though. I don't know how to
    really do that. The problem, as you say, is that people become accustomed to
    the dialogs and stop paying attention to them. They become a fast-clicking
    We can probably find a good home for that screen if you find it cumbersome!
    Don't know what that means but I think certain OS components are
    automatically permitted and can't be changed. For instance, on the system I
    am looking at right now I see userinit and Explorer with all greyed out
    buttons. Strictly speaking you can run without Explorer (although it won't be
    pretty) but userinit is required. Everything else I can disable.
    Yes, I definitely find the UI design somewhat obtuse.
    Did you click the "Show for all users" button? I think that allows you to
    modify things that are running for all users. If you do that you elevate the
    app and then you should be able to modify those components. If you don't
    click that button you can only modify your own components.

    Sorry, I don't understand your question. If an app is in one of the startup
    items and it is configured as enabled in Defender it will run.
    You can allow an app to run, but disable it temporarily. Think of it as a
    testing feature "I want to run my system with this component disabled, but I
    don't want to block it permanently."
    I think that's the issue really. I don't generally run a lot of third-party
    utilities and so on. Those are the ones that are more likely to generate the
    popups because the small devs are the ones that have not figured out that
    Windows 95 is no longer the standard toward which to write software. I
    dislike having all these third-party apps that I can't update, so I will live
    without Jolly Roger.
    Absolutely. It is about "SKU Differentiation" which, frankly, I don't get.
    It's making life a lot more difficult for those of us trying to help people.
    No worries. I like UAC (and Defender - mostly) and I really hope it succeeds
    in what it is intending. It worries me greatly that people are denigrating it
    because it fails on things that it was never designed to do in the first
    place. Just this past week InfoWorld, one of the most respected magazines in
    the industry, carried a dreadful piece on their front cover that basically
    echoed all the poorly substantiated opinions from various "luminaries" who
    haven't bothered understanding how UAC, or Vista in general, actually works.
    They had everything from UAC's failure to properly establish a security
    boundary (it was not designed to do that) to the firewall outbound filters
    being off by default (they are on by default) in the article. It's really
    very unfortunate that even a reputable magazine like InfoWorld can't be
    bothered to see the bigger picture and make their reporters actually check
    their facts.

    I'm working on an article for TechNet Magazine on UAC. I will definitely
    cover the failure of the popular press to understand the technology and its
    willingness to jump on every claim from Microsoft's competitors in there, and
    how that is harming the ultimate objective of helping computer users protect
    Jesper, Apr 1, 2007
  6. Julian

    Julian Guest

    We can probably find a good home for that screen if you find it cumbersome!
    Big for a laptop:) Sorry, not detachable:)
    Can't see that Show For All should be relevant; if they are running for me,
    then I want to modify how they run for me, I don't care about anybody else.
    Why should I have to, how could I know I should do all that, he asked
    I am reasonably sure I have NYC apps that run at startup; Macrovision is
    also NYC, it doesn't run. What determines what runs at startup- couldn't be
    classification alone if I am (reasonably) correct. What enables apps, on
    what basis?
    And creating the need for some of that help in the first place. Nuff said.
    If Defender and UAC work to spec - and I assume they do - I agree the
    denigration is misdirected: it should be directed at MS communication. When
    announced or demoed or whatever, MS should have been very clear about their
    scope etc. and then checked the reporting immediately afterwards. If it
    didn't demonstrate correct understanding immediate re-explanation should have
    been required.

    MS must be responsible for ensuring that it is being understood - no one
    else can be. I do think MS at the very least found it convenient to have the
    improved security of Vista attract so much attention up front - but now it is
    reaping the whirlwind. That's what you get for too much huff and puff.
    Hmmm... are you going to say it's perfectly clear or....?

    If someone doesn't understand something (general relativity or Vista
    security) you can say they are unqualified, stupid, or lazy (or some
    combination, which might be true but whether it is helpful to say so is
    another matter) - or you can accept that it wasn't explained well enough.

    (Unless of course it's quantum mechanics, in which case the famous dictum is
    "Anyone who says they understand quantum mechanics clearly doesn't." - which
    probably only makes sense if you understand quantum mechanics <g>)

    When everyone scores below par in an exam, the examiner would rightly look
    to the teacher for having failed in the primary objective - communicating
    understanding effectively.

    You are fortunate if you can do without some of these 3rd party apps, my
    business and interests require many niche applications - I don't think I
    should be penalised for not being Joe PC User.

    UAC & Defender - I appreciate the ambitions for them; I don't think the
    overall execution can be called satisfactory.

    Thanks again,

    Julian, Apr 2, 2007
  7. Julian

    Alun Harford Guest

    You've told your BIOS (or somebody or something has) that your machine
    is not running a plug-and-play OS.
    You need to change that setting, so that the OS can assign IRQs.

    Alun Harford
    Alun Harford, Apr 2, 2007
  8. Alun, how do I do that? I figured out how to get into the BIOS, but I
    resist the urge to mess with it.
    If you can tell me step by step where to go, what to look for, and what it
    should say, then I'm willing to give it a try.

    William Beard
    William Beard, Apr 3, 2007
  9. Julian

    pk Guest

    I'm having similar problems, so just to recap. Is there a way to allow an
    application with unidentified publisher? I'm using the latest beta of WinRAR
    and every time I open an archive, it asks me to allow winrar.exe, also in every
    start up I have ASUS motherboard software that asks me three times to allow
    it to run (3 different .exes, of which Defender blocks one).

    Running as an administrator with UAC and all start up apps are enabled in
    defender, although they are not yet classified.

    Luckily I boot my computer only once a week, but it's still a bit annoying.

    So is there a way to always allow these apps when I run them (group/security
    policy or registry)?
    pk, Apr 3, 2007
  10. Julian

    Jesper Guest

    I'm having similar problems, so just to recap. Is there a way to allow an
    Sorry, but I don't understand the winrar problem. Is it UAC that asks
    you to permit it? If so, then winrar.exe is either detected as an installer,
    or it has a manifest that asks for it to be elevated. I'm not sure which. You
    can try disabling installer detection as per a prior message in this thread
    and see what happens.

    What is it that prompts for the ASUS motherboard software? Is it Windows
    Defender or UAC? The way you get rid of the prompt differs, and if it is UAC,
    you really have no options. You should see if you can run your computer
    without that software in that case, or pester ASUS to produce a
    Vista-compliant software suite for it. It is exactly that kind of software -
    requiring interactive users to be admins - that makes UAC so necessary.
    Jesper, Apr 3, 2007
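
The two UAC triggers named in the reply above (an embedded manifest that requests elevation, or installer detection) can be told apart for a given file. The following PowerShell is an added example, not part of any post in this thread; `Get-UacPromptReason` is a hypothetical helper name, the file-name keywords are the documented installer-detection keywords, and the commented path at the end is a placeholder.

```powershell
# Added example (not from the thread): report which UAC trigger applies to one executable.
# Read-only. Only the manifest check and the file-name keyword check are reproduced;
# Windows applies further installer-detection heuristics that are not covered here.

function Get-UacPromptReason {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [IO.File]::ReadAllBytes($file)
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$file is not a PE executable (no MZ header)."
    }

    # Offset 0x3C holds the position of the "PE\0\0" signature; the 16-bit
    # Machine field follows it (0x014C = 32-bit x86).
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)
    $machine  = [BitConverter]::ToUInt16($bytes, $peOffset + 4)
    $is32Bit  = ($machine -eq 0x014C)

    # An embedded manifest is plain XML in the resource section, so a text search finds it.
    $text  = [Text.Encoding]::ASCII.GetString($bytes)
    $level = $null
    if ($text -match 'requestedExecutionLevel[^>]*?level\s*=\s*["'']([A-Za-z]+)["'']') {
        $level = $Matches[1]
    }

    # Installer detection looks at the file name, among other things.
    $nameHit = [IO.Path]::GetFileName($file) -match 'install|setup|update'

    # Current UAC policy, including the value set by the reg add command earlier in the thread.
    $policyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy      = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $uacOn       = ($policy.EnableLUA -eq 1)
    $detectionOn = ($policy.EnableInstallerDetection -eq 1)

    if (-not $uacOn) {
        $cause = 'UAC is disabled; no elevation prompt is expected'
    } elseif (@('requireAdministrator', 'highestAvailable') -contains $level) {
        $cause = "Manifest requests elevation ($level); only the vendor can change this"
    } elseif ($level) {
        $cause = "Manifest declares $level; installer detection is skipped for this file"
    } elseif ($is32Bit -and $detectionOn -and $nameHit) {
        $cause = 'No manifest level, 32-bit, name matches an installer keyword: installer detection'
    } else {
        $cause = 'Neither check matched; another heuristic or a compatibility setting may apply'
    }

    [pscustomobject]@{
        File               = $file
        Is32Bit            = $is32Bit
        ManifestLevel      = $level
        NameKeywordMatch   = $nameHit
        UacEnabled         = $uacOn
        InstallerDetection = $detectionOn
        LikelyCause        = $cause
    }
}

# Usage (placeholder path, adjust to the program that prompts):
# Get-UacPromptReason -Path 'C:\path\to\program.exe' | Format-List
```
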
  11. Julian

    Jesper Guest

    Can't see that Show For All should be relevant; if they are running for me,
    So, here is the rhetorical answer:

    There are programs that autostart for a single user (for instance, those in
    HKCU\Software\Windows\CurrentVersion\Run and in
    %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup)
    and then there are those that autostart for all users (such as those in
    HKLM\Software\Windows\CurrentVersion\Run and in
    %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup). You can
    freely modify your own startup programs but on a multi-user system modifying
    startup programs for other users is an action only administrators should be
    able to take. Windows Vista, by definition, is a multi-user system even if
    for a particular installation there is only one human being actually using
    it. The Show All... button elevates your process so that you can modify
    startup programs for all users. In a corporate setting, for instance, I, as
    the network security administrator, have a set of things I want everyone to
    run, and I do not want users to be able to modify those. By making those
    users non-admins I can enforce that because they cannot elevate and
    circumvent network security policy. Since the OS is inherently multi-user
    (there are three users on every system by default - the Administrator, the
    Guest, and the one you created at install - although only one is enabled) all
    functionality is designed around the premise that the OS supports multiple
    users and that therefore one user must be prevented from making unauthorized
    changes to the environment of others.

    Does that explain why the Show All... button is relevant?
    I don't know what NYC means here (keep thinking New York City, but that's
    probably not it). Anyway, what determines running at startup: the fact that
    the program is listed/located/linked from one of the locations listed above,
    along with a few other extraneous places. It has nothing whatsoever to do
    with classification. A program that is listed/located/linked from one of the
    auto-start locations is automatically classified as an auto-start or startup
    Yes. Interestingly enough, the product group, and a few other MS
    representatives, such as Mark Russinovich and Steve Riley, have been very
    clear about what UAC does and what it does not. The sales force, which
    presents the face of Microsoft to the vast majority of customers, have on
    occasion imbued UAC with qualities it does not possess. This is really
    unfortunate because it means that the popular press has always been able to
    find someone with a Microsoft badge that can validate anything they want
    validated, however poorly founded the opinion is. The press, of course, still
    believes that denigrating Microsoft is the best way to sell advertising, and
    are as lazy as anyone else and therefore not particularly interested in
    ensuring that their facts are accurate - as the InfoWorld article last week
    showed. Microsoft has not been able to exercise sufficient control over them
    to help matters much. Rather, the press has relied on sources like Symantec,
    who of course have a vested interest in Microsoft being seen as a bumbling
    bunch of morons when it comes to security and feels really threatened by the
    prospect that Microsoft might actually succeed in anything security-related.
    It is kind of like Car and Driver magazine relying on General Motors for the
    "facts" and test drive experiences about Toyota's new vehicles. You can
    imagine yourself how accurate those "facts" become.
    No, I wouldn't say that. :) I'm trying really hard to state objective fact
    True, but I have found that the facts about UAC are actually there if (a)
    you go looking for them, and (b) you understand enough about the OS and
    programming to digest them. That's the key problem: you really need to
    understand a fair bit about how the OS works to understand how UAC works. In
    the article, as well as in the Vista Security Book, I think I spent most of
    my time on "translation"; translating the technical details on UAC into terms
    that non-developers actually understand, while at the same time explaining
    why it is the way it is. That is the part I have not yet seen from Microsoft.
    Funny! I just delivered a presentation where I drew parallels between
    information security and quantum physics. Maybe I should write an article on
    that too?
    You are like a lot of people. It is difficult. To a large extent the whole
    point of Windows is that it has such a vast majority of applications written
    for it. If it weren't for that, the Mac OS is in some ways a much more
    elegant (if far less secure) platform.
    The Microsoft product groups read these newsgroups. If there is constructive
    criticism, by all means, put it out here. Many (most) of the people that
    respond to questions here are MVPs who
    have traditionally been very good at ensuring the feedback from the
    newsgroups makes it back to the product groups. Even some of the non-MVPs,
    like myself, have ways to get feedback to MS that they will listen to.

    Windows Defender is a version 2/3 product, so it should be a little more
    polished, but UAC is truly a v1 product. It definitely has some growing up to
    do and some features to come in future versions. They are looking for that
    feedback right now.
    Jesper, Apr 3, 2007
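
The per-user versus all-users split described in the reply above can be inspected directly. The following PowerShell is an added example, not part of any post in this thread: it lists autostart entries by scope and reports the Authenticode signature status of each target. It uses the full key path `Software\Microsoft\Windows\CurrentVersion`, also reads the `RunOnce` keys, and `Get-AutostartEntry` is a hypothetical helper name.

```powershell
# Added example (not from the thread): inventory autostart entries by scope and
# report the Authenticode status of each target. Read-only; no elevation needed.

$base = 'Software\Microsoft\Windows\CurrentVersion'
$runKeys = @(
    @{ Scope = 'Current user'; Path = "HKCU:\$base\Run" },
    @{ Scope = 'Current user'; Path = "HKCU:\$base\RunOnce" },
    @{ Scope = 'All users';    Path = "HKLM:\$base\Run" },
    @{ Scope = 'All users';    Path = "HKLM:\$base\RunOnce" }
)
$startupFolders = @(
    @{ Scope = 'Current user'; Path = [Environment]::GetFolderPath('Startup') },
    @{ Scope = 'All users';    Path = [Environment]::GetFolderPath('CommonStartup') }
)

# Pull the executable path out of a Run value such as: "C:\App\app.exe" /background
function Get-ExecutablePath([string]$CommandLine) {
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"')     { return $Matches[1] }   # quoted path
    if ($expanded -match '^(.+?\.exe)\b')  { return $Matches[1] }   # unquoted, may contain spaces
    return ($expanded -split '\s+')[0]
}

function Get-SignatureSummary([string]$File) {
    if (-not $File -or -not (Test-Path -LiteralPath $File -PathType Leaf)) {
        return @{ Status = 'FileNotFound'; Signer = '' }
    }
    $sig    = Get-AuthenticodeSignature -LiteralPath $File
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    return @{ Status = [string]$sig.Status; Signer = $signer }
}

function New-Entry($Scope, $Location, $Name, $Target) {
    $sig = Get-SignatureSummary $Target
    [pscustomobject]@{
        Scope     = $Scope
        Location  = $Location
        Name      = $Name
        Target    = $Target
        Signature = $sig.Status
        Signer    = $sig.Signer
    }
}

function Get-AutostartEntry {
    # Registry Run / RunOnce values
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key.Path)) { continue }
        $item = Get-Item -Path $key.Path
        foreach ($name in $item.GetValueNames()) {
            $target = Get-ExecutablePath ([string]$item.GetValue($name))
            New-Entry $key.Scope $key.Path $name $target
        }
    }

    # Startup folders: resolve .lnk shortcuts to the program they launch
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $startupFolders) {
        if (-not $folder.Path -or -not (Test-Path -LiteralPath $folder.Path)) { continue }
        $files = Get-ChildItem -LiteralPath $folder.Path | Where-Object { -not $_.PSIsContainer }
        foreach ($file in $files) {
            $target = $file.FullName
            if ($file.Extension -eq '.lnk') {
                $target = $shell.CreateShortcut($file.FullName).TargetPath
            }
            New-Entry $folder.Scope $folder.Path $file.Name $target
        }
    }
}

Get-AutostartEntry | Sort-Object Scope, Name |
    Format-Table Scope, Name, Signature, Target -AutoSize
```

Entries under the "All users" scope are the ones that need an elevated process to change; an entry whose `Signature` is `NotSigned` or `FileNotFound` is worth checking by hand before it is enabled.
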
  12. Julian

    pk Guest

    Defender blocks one of the ASUS exe files and I have to manually start it via
    Defender every time. The problem is with UAC then, I think, or that all of
    them require administrative privileges.
    But what I was getting at is: is there a way to allow an .exe file to start
    always in admin mode, without any prompts?

    When I start winrar.exe it says "an unidentified program wants to access your
    unidentified publisher
    pk, Apr 3, 2007
  13. Julian

    Jesper Guest

    I just wrote a different post on that. Search the newsgroups for Defender
    and there will be instructions for how to permanently unblock it.
    No. You can take various steps to make it not prompt, but there is no way to
    elevate it without prompts short of rewriting the app. In other words, yes,
    you can remove the prompt, but the app may not work properly if you do.
    If the dialog says "User Account Control" in the title bar it is a UAC
    dialog. If not, it is caused by a flag IE puts on the binary when you
    download it. You can remove that flag permanently either by checking the box
    in the dialog or by right-clicking on the binary and unchecking the box on
    the general screen for it. Sorry, but I don't have a dialog in front of me
    and I can't remember the exact text but it should be obvious.
    Jesper, Apr 3, 2007
  14. Julian

    Carl G Guest

    Hi Julian
    Isn't half that security a bunch of crap?
    I turned off UAC already, the damn thing wouldn't even let me delete jpg
    files I have in my picture folder without 2 UAC prompts.
    That is a real crock. That is going way beyond security.
    I never had any security problems with XP so why should I have to put up
    with this stuff?
    I also believe we need a certain amount of security but not this garbage.

    Carl G

    Carl G, Apr 4, 2007
  15. Which .EXE is it? Is it really "from Asus", or is it a malware
    name-alike? Does an Internet search for that file name, plus (say)
    Vista, find others with the same issue, and perhaps fixes?
    Not in the startup axis, no. There are very good reasons for that.
    Is WinRAR starting up in the startup axis? If so, why?
    Oh, OK ... so WinRAR and Asus issues are separate.

    In the case of WinRAR beta, clearly they have something to fix before
    it works in Vista. Feed this back to the WinRAR folks, as one would
    with any beta feedback, and see if they fix it in a new build.

    In the case of Asus, it smells like XP bundleware that hasn't been
    tested in Vista, and is thus prolly best avoided. Perhaps there's
    coverage of this issue in an FAQ at the Asus site, and/or a fix?

    Tip Of The Day:
    To disable the 'Tip of the Day' feature...
    cquirke (MVP Windows shell/user), Apr 8, 2007
  16. Julian

    Chasfax Guest

    Hi, We are trying to make an application Vista compatible. We have
    VeriSigned an installer and a program it schedules to run after a re-boot by
    placing its name in the RunOnce part of the registry. This makes UAC
    "happy", it says we are the signer of the application instead of saying
    Unknown. But it does not make Windows Defender happy. When the reboot
    program happens then the second program, SetupF.exe, is blocked and the
    little "you better see this quick because I'm disappearing soon" kind of
    message comes up saying "Some Startup Programs were blocked". If the user
    chooses allow blocked program it gives the UAC prompt for do you want this
    program signed by "Us" to run. The second half of that is fine. But if we
    choose the option to open Windows Defender then SetupF.exe is in the
    unclassified section and the publisher is listed as "Unknown Publisher".
    So apparently signer (in the VeriSign sense of the word, as signed by
    SignTool.exe) is different from Publisher. How do we specify Publisher?
    Then at least the program would not be listed as coming from an Unknown
    Publisher. Even better would be if we could get it to run without the extra
    Windows Defender prompt and only give the UAC prompt (it is marked Require
    Administrator in an embedded manifest).

    Any thoughts, fixes, links?
    Chasfax, Jul 18, 2007