Windows Vista UAC Goofiness

Windows Vista UAC is not always a predictable beast.

Today I found out that if an executable doesn't set level="asInvoker" in its manifest, UAC confirmation will kick in if any of the following substrings appear in the filename:

  • setup
  • install
  • update

A digital signature does not affect this behavior.

Besides adding "asInvoker" to the manifest, another workaround is to rename the executable to remove the trigger word. For example, renaming MyProductUpdater.exe to MyProductRenewal.exe will (for now) bypass the UAC logic.

Note that this in no way bypasses the protections of UAC. Functions which perform some task which requires UAC-approval will simply fail. This will only be useful if you have an update tool which only updates user-owned resources, since that doesn't require UAC-approval.

About Jeff Fitzsimons

Jeff Fitzsimons is a software engineer in the California Bay Area. Technical specialties include C++, Win32, and multithreading. Personal interests include rock climbing, cycling, motorcycles, and photography.
This entry was posted in Technology, Win32 and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.