UAC plays defense against Malware

https://blogs.technet.com/b/mmpc/archive/2011/08/03/uac-plays-defense-against-malware.aspx

 

FINALLY

the reduction of UAC is so absolutely ridiculous in Windows 7 anyways.

 

That should give more users reason to use MSE as well (unless they already have HIPs or such in place).

 

A side effect of this is that UAC being disabled on a computer, assuming those who use the computer didn't turn UAC off, is a sign that malware is (or was) possibly present on the computer.

 

True.

And now that MSE is really just Defender in 8 we can expect UAC to be monitored by default with no 3rd party software necessary.

 

MSE is not 3rd party software, just not built-in.

 

Hmmm, maybe time to consider disabling the service and applying the DNS firewall rule to all web-facing apps instead.

 

I've turned off UAC without a UAC prompt in a virtual machine that had UAC at its default level (not max) by using the software referenced in this post. The latest MSE didn't block this.

 

Is there some special way to install this? I find the "Simple" readme.txt instructions incredibly difficult to understand

 

You can use the included bypassuac.exe from a command prompt. You don't need to install anything nor use those directions. Note that you need to have UAC set below max level for this to work.

Feed the command from Enable or Disable UAC From the Windows 7 / Vista Command Line into bypassuac.exe to disable UAC (set below max level) without a UAC prompt.

 

I was going to edit my post after I made it but I didn't think it was necessary.

It's not built in, which is the point. It's just as foreign as any other software.

 

Thank you Mrbrian! I'll try that later today.

 

Guess that equals a big fail for MSE..

 

All anything has to do is inject into explorer.exe (or any other whitelisted application) and then have explorer.exe elevate automatically. I don't see what MSE can do to block this.

 

Is it? None of us know how it works.

If I was to guess, this alone won't trigger any detection whatsoever, it wouldn't make sense. It will only contribute heuristic points, more points would be required to flag a detection. For example, malicious activity.

 

Thank you for the information MrBrian. I will give it a try in VM.

 

This is what I would assume as well. When the heuristics looks at a file and ALL it does is bypass UAC, it might not flag it. If it bypasses UAC and then tries to install silently and blahblah blah, yeah it'll probably flag it.

 

You sure? When run as a standalone tool I get this:

 

It worked fine for me in a Windows 7 x64 virtual machine. I'm not sure why that's happening. Perhaps security software is interfering?

@1chaoticadult and wat0114: You're welcome . Did either of you encounter any problems (if you tried it)?

 

Hi MrBrian,

It's not working for me. The command seems to initiate and do "something" but UAC remains alive and well, even at below maximum setting. I'm probably doing something stupid, missing the boat completely perhaps Can you please spell out the command for me on this one?

 

I also need the command spelled out. I don't think I'm doing something wrong as well. Ugh...

 

In a command prompt, enter bypassuac /c "%windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f"

Note: Edited because first attempts were wrong.

 

I've tried that, I'm getting incorrect input

Edit: Operation Successful. Checking to see if UAC is disabled. Got it MrBrian, thanks.

 

Did it work for you? I just tested it here in a virtual machine, and it works.

 

Yep I got it to work in my VM.