UAC prompt started suddenly appearing for program

I have a user who is using the Watchguard VPN client software. They have been using it on Windows 10 Pro (v 1709) for 6 months without issue. The UAC prompt suddenly started appearing this morning when they try to run the software. No updates for Windows or the software have been installed. I have 60 other users that are using it without this problem also. I am at a loss as to why this would suddenly start needing elevated privileges to run. Does anyone know why this would happen or how to fix it? I am not going to disable user account control or give them admin rights.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

slightwv (䄆 Netminder) Commented:
Did the location of the software change?  You can get the UAC when running something from an external share/disk.
Martyn SpencerSoftware Developer / Linux System Administrator / Managing DirectorCommented:
Firstly, good job for not just taking the easy route and disabling UAC or giving them admin access. There may be a simpler answer to what I am suggesting, but you may want to consider my suggestion if no one else offers a good explanation.

If you look at the VPN client application, is it still signed? Does the signature match that of other installations? If you create an MD5sum of clients that do not exhibit the problem and compare it to the client that does, are they the same? I would want to exclude the possibility that the file has in any way changed outside of your control. Since it is possible for any form of malware to hide this kind of change from you, the only way of guaranteeing that you are checking the correct app would be to take a "clean" copy of the application in question (ie remove the HDD and copy it from a known clean machine). VPN apps are such great targets for malware since once compromised, an attacker has access to the data passing over the VPN to a large extent.
Robcarter10Author Commented:
slightwv, The location has not changed. It is installed on the C: drive like it has always been.

Martyn, I don't have physical access to the machine at the moment to remove the hard drive. I did think issues with the program could cause this. I uninstalled it and installed it again but the problem remained.
William FulksSystems Analyst & WebmasterCommented:
Here is info from Watchguard's site explaining how to setup access. It says in the first paragraph that elevated access is required for some things -
Martyn SpencerSoftware Developer / Linux System Administrator / Managing DirectorCommented:
Clearly do check what William has suggested, but I would personally not trust a reinstallation, since anything malicious would simply tamper with the reinstalled file. Comparing an MD5 sum of a working app to a non working app would be best done in a clean fashion as I suggested.

I will definitely concede that my suggestion is definitely of the "tin hat" variety but with VPN software, odd behaviours should always merit close inspection particularly if what you are doing has not changed and the exact functions that previously did not require UAC elevation are now requiring it.
JohnBusiness Consultant (Owner)Commented:
In addition to the above suggestions, see if there is a Settings Option that would affect this. There is such a setting in Glarysoft which became unset and caused UAC to show up. Sync Back uses a Manifest File to prevent UAC. So see if there may be a setting.
Basic Troubleshooting would be to share what the Details of the UAC window say. Click on Details, share what program executable call (including Parameters, if any) has brought up UAC.
Something had to change somewhere. Could be a setting like John mentioned. What version are you of the Watchguard software are you running anyway?
Shaun VermaakTechnical SpecialistCommented:
Is it a prompt for consent or for elevation?

Perhaps it is a code signed binary and the root certificates are not up-to-date on that computer
Martyn SpencerSoftware Developer / Linux System Administrator / Managing DirectorCommented:
All of the advice given in this question is quite relevant for someone troubleshooting this kind of issue, so I propose that the comments that guide someone experiencing a similar issue are worthy of credit.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.