On at default level. In these couple of UAC years there have been a few cases when I clicked an informed or suspicious NO.
That said, I've seen a fakeAV that caused quite a mess without ever triggering it, simply running from the user folder just like Chrome. Cleaning it was quite trivial for me and my Sysinternals skilllZ
, but the mess it created in the Default Programs (extension>program, y'know) required a System Restore massage, and if I had not had a point to restore to, it probably would have required less work to install a fresh copy of W7 than to bring that situation back to normal.
Cleaning it would not be trivial for the average user.