Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: UAC security question

28 Feb 2014   #11
UsernameIssues

W7 Pro SP1 64bit
 
 

Once an app has elevated privileges, it can silently change lots of things in the registry - including incoming and outgoing firewall rules.

It would have been nice/better if the offending app had told the user that it was going to lower security settings. If we don't find the offending app, we can try locking down that part of the registry via permissions, But that is a last resort since doing so can cause other issues.

Let your fiancee know to tell you if she sees something other that Always notify if the computer restarts.


My System SpecsSystem Spec
.
03 Mar 2014   #12
andrew129260

Windows 10 Pro
 
 

Username issues you are the man!

Thank to your script I discovered what it was!

Its panda antivirus.

1.) Set uac to its highest level, always notify.
2.) Download the test eicar.com file from Download EICAR - European Expert Group for IT-Security
3.) When panda detects the threat, it goes down to default uac level.

At least for me. Does it do it for you?

I regularly test my av software to make sure its working and that is why every couple of weeks this happened.

If you confirm it, I will send this data to panda security and inform them. I have confirmed it on virtual machine, but just wanted to make sure.
My System SpecsSystem Spec
03 Mar 2014   #13
UsernameIssues

W7 Pro SP1 64bit
 
 

I tried to download the sample...
...it is deleted by IE11's SmartScreen Filter.

I turn off that filter & download again...
...the sample is deleted by Windows Defender.

I disable Windows Defender...
...now the website stopped responding.
...I'll try the https connection.

I'll test it when I can :-)
My System SpecsSystem Spec
.

03 Mar 2014   #14
UsernameIssues

W7 Pro SP1 64bit
 
 

As you can see in the video below, I'm using the default settings. Remember when I told you (at least I think that it was you) that Panda Cloud Antivirus (PCA) triggered on cookies and that I did not want those that I support calling me every time that they saw that. PCA lowered the UAC when it found a cookie :-(

The quick scan did not touch the desktop?
(which already had the eicar.com sample on it)

I tested several more times...
...each time ending the Virtual Machine (VM).
The VM is frozen, so it reverted to a clean state.
IE's filter was turned off.
Windows Defender was disabled.
The sample was downloaded to the desktop via https.


For one of those tests, I got this video:
(skip to 2:30 if you are in a hurry)

It is not one of my better videos since I forgot to open the UAC GUI before installing PCA.

PCA was installed.
A quick scan was run.
A cookie was found.
The UAC level was lowered.
I set the UAC to high.

Not shown in the video:
I restarted the VM.
Opened the UAC GUI
Started recording a second video.
Right clicked on the sample.
(figuring that PCA would kick in when I accessed the sample file's properties)
PCA did kick in...
...but alas, the sample file's properties window hid the UAC window
...so the video did not record the UAC level change.
But the UAC level was lowered.
I dumped that video.

I tried a few more times to record PCA killing the eicar.com sample and I saw some things that did not look right. I could not get PCA to kill the eicar.com sample in more than one subsequent test. I'll see if I can get that on video.


edit:
It is possible that I was rushing things. Maybe I checked the properties of the eicar.com sample before PCA's services got started (but I also hope that such is not possible). I could not get the "failure" on video.

I thought about showing a constant ping to one of the many servers that Panda sends submission to - to prove connectivity for the VM... but then I recalled that it only submits unknowns. It does have a local database for some checks. Right?

Here is a video with more detail. The boot at the start is to show that the W7 pro 64bit VM was restarted after setting the UAC to high. However, the move from default to high does not require a restart. I also opted to restart (just for fun) after installing PCA.
My System SpecsSystem Spec
03 Mar 2014   #15
andrew129260

Windows 10 Pro
 
 

Great vids thank you for your testing

Created a thread in there support forum to let them know:

Panda Security Forum - View topic - Panda cloud AV UAC Issue

By the way, what screen video recorder do you use?
My System SpecsSystem Spec
04 Mar 2014   #16
andrew129260

Windows 10 Pro
 
 

UPDATE:

Panda has confirmed this bug. They are going to work on fixing it.

Thanks to username issues and everyone else who has responded to this.
My System SpecsSystem Spec
04 Mar 2014   #17
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by andrew129260 View Post
~~~
By the way, what screen video recorder do you use?
UAC security question-cam.png

Installed in the root of the system drive (instead of the Programs Files folders). I tried a newer version of CamStudio and there was something about it that I did not like. I'm not sure where CamStudio 2.0 can be safely downloaded from... I cannot test right now.


My System SpecsSystem Spec
31 Mar 2014   #18
andrew129260

Windows 10 Pro
 
 

The uac issue with panda is a bug, panda confirmed and will be fixed with its new full version release. The whole interface is being redone and will have several performance improvements.

Panda Cloud Antivirus 2.9 Beta
My System SpecsSystem Spec
02 Jun 2014   #19
andrew129260

Windows 10 Pro
 
 

My System SpecsSystem Spec
09 Sep 2014   #20
hexaae

Windows 7 Home Premium x64 SP1
 
 

Panda Cloud Antivirus FREE 3.0.1 still has this annoying issue!
It drove me crazy then I realized it was Panda.... a few weeks later I've found this thread to confirm the issue, which has NOT been fixed in the free cloud version.

Not only this, Panda also doesn't allow me to hide drive D: (reg key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives ) always reverting it to default value 0. After reboot randomly I see again drive D: and registry key restored to default (!).
My System SpecsSystem Spec
Reply

 UAC security question




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Security question
Can I please have some advice on this bit of software. Is it good or bad Etc??:tip: many thanks. HitmanPro.Alert CryptoGuard - SurfRight
System Security
Security Question
I am trying to devise a layered security approach for my PC. I wrote in about this a while back but some of the programs were messing with my PC so I uninstalled them. I recently found ZoneAlarm Free Antivirus + Firewall. I currently have Trend Micro Titanium Maximum Security 2013 installed. I like...
System Security
Security question
I am running a Win 7 64 ( updated ) router for firewall, 7 fw, LUA, MSE, Malwrebytes free, Hitman pro free, Sandboxie free delete contents upon closing , and use Chrome for my browser. I only use this computer for surfing, and was wondering how likely it would be to get hacked or infected other...
System Security
Security Question
This question is not actually Win7 related, but there is expert knowledge on this forum. I would really appreciate your input. (It may be Win7 related, because I may have to do a reinstall) Today I received a Yahoo IM from someone I did not know. As I was attempting to have my...
System Security
security question
ive been using windows 7 for a while now. just wana know how to protect my inentity on the net?? every time i go to icq or any chat every one knows wat country im form and wat internet service i use and what os i use . how do i hide my self from ppl like that??? its becomming anoying now.
System Security
Question About Security Software.......
I know this may be a dumb question but ive always wanted to ask this. I mean....can the Kaspersky Password Manager be trusted???? I mean...when you put ALL you sensitive info in there....i mean...wont the people who work for Kaspersky or the people who made the program see all your passwords and...
Software


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:32.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App