UAC prompt started suddenly appearing for program

Robcarter10
Robcarter10 used Ask the Experts™
on
I have a user who is using the Watchguard VPN client software. They have been using it on Windows 10 Pro (v 1709) for 6 months without issue. The UAC prompt suddenly started appearing this morning when they try to run the software. No updates for Windows or the software have been installed. I have 60 other users that are using it without this problem also. I am at a loss as to why this would suddenly start needing elevated privileges to run. Does anyone know why this would happen or how to fix it? I am not going to disable user account control or give them admin rights.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2012
Distinguished Expert 2018

Commented:
Did the location of the software change?  You can get the UAC when running something from an external share/disk.
Martyn SpencerSoftware Developer / Linux System Administrator / Managing Director

Commented:
Firstly, good job for not just taking the easy route and disabling UAC or giving them admin access. There may be a simpler answer to what I am suggesting, but you may want to consider my suggestion if no one else offers a good explanation.

If you look at the VPN client application, is it still signed? Does the signature match that of other installations? If you create an MD5sum of clients that do not exhibit the problem and compare it to the client that does, are they the same? I would want to exclude the possibility that the file has in any way changed outside of your control. Since it is possible for any form of malware to hide this kind of change from you, the only way of guaranteeing that you are checking the correct app would be to take a "clean" copy of the application in question (ie remove the HDD and copy it from a known clean machine). VPN apps are such great targets for malware since once compromised, an attacker has access to the data passing over the VPN to a large extent.

Author

Commented:
slightwv, The location has not changed. It is installed on the C: drive like it has always been.

Martyn, I don't have physical access to the machine at the moment to remove the hard drive. I did think issues with the program could cause this. I uninstalled it and installed it again but the problem remained.
William FulksSystems Analyst & Webmaster

Commented:
Here is info from Watchguard's site explaining how to setup access. It says in the first paragraph that elevated access is required for some things - https://www.watchguard.com/help/docs/ssl/3/en-us/content/en-us/access_client/access_client_install_std_user.html
Martyn SpencerSoftware Developer / Linux System Administrator / Managing Director

Commented:
Clearly do check what William has suggested, but I would personally not trust a reinstallation, since anything malicious would simply tamper with the reinstalled file. Comparing an MD5 sum of a working app to a non working app would be best done in a clean fashion as I suggested.

I will definitely concede that my suggestion is definitely of the "tin hat" variety but with VPN software, odd behaviours should always merit close inspection particularly if what you are doing has not changed and the exact functions that previously did not require UAC elevation are now requiring it.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
In addition to the above suggestions, see if there is a Settings Option that would affect this. There is such a setting in Glarysoft which became unset and caused UAC to show up. Sync Back uses a Manifest File to prevent UAC. So see if there may be a setting.
Distinguished Expert 2018

Commented:
Basic Troubleshooting would be to share what the Details of the UAC window say. Click on Details, share what program executable call (including Parameters, if any) has brought up UAC.
Distinguished Expert 2018

Commented:
Something had to change somewhere. Could be a setting like John mentioned. What version are you of the Watchguard software are you running anyway?
Shaun VermaakTechnical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
Is it a prompt for consent or for elevation?

Perhaps it is a code signed binary and the root certificates are not up-to-date on that computer
Martyn SpencerSoftware Developer / Linux System Administrator / Managing Director

Commented:
All of the advice given in this question is quite relevant for someone troubleshooting this kind of issue, so I propose that the comments that guide someone experiencing a similar issue are worthy of credit.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial