The User Account Control security feature in Windows Vista and 7 has been around for several years now, and most people will have come across it in some form or another. Put simply, User Account Control (UAC) is there to help prevent users from getting their system infected with malicious applications and scripts. It does this by preventing potentially suspect software from executing automatically when it asks for access to important system locations such as the ‘Windows’ and ‘Program Files’ folders or the registry. These extra privileges can only be granted through an Administrator account, and standard users will need to provide the administrator’s password before access to the protected locations is granted. Changing and configuring a number of Windows’ own settings can also trigger the UAC prompt, as can installing and removing software.
As a system administrator, there may be times when you want to have a closer look at some of the system’s running processes. Perhaps there is an issue with a piece of software currently running and you suspect it may be connected with the program’s access rights, or an unknown process requires a bit more investigation into its integrity and what rights it has, or has asked for. A useful little utility called UAC Process Analyzer can give you that valuable information about the integrity of a running process. It can also help identify what User Account Control restrictions are currently in place for the process and whether it is being executed from a trusted location.
UAC Process Analyzer is a portable application of around a megabyte unzipped. As you might expect, non-admin users need to start the program with ‘Run as Administrator’.
Usage couldn’t be much simpler: select the process to analyse from the dropdown list and click the ‘Analyse’ button. All the relevant security information will then be displayed, and it requires a brief explanation.
The filename is the file description name taken from the file details, and ‘File Details’ is pretty self-explanatory, being the physical location of the file.
‘Integrity Level’ is the amount of access the process has been granted to perform write operations in important system locations. ‘Low’ integrity means the process can only be granted this level of access after being allowed to by the administrator. A ‘High’ integrity level is obviously the opposite and means a user does not need administrator privileges and will not be prompted to enable write access to these locations.
When ‘UAC Virtualization’ is enabled, the process does not have write access to the ‘Program Files’ and ‘Windows’ folders or other core system areas. Writes are instead redirected to the user profile folders, where elevated privileges are not required and critical system files have much less chance of being harmed. ‘Disabled’ means full write access is granted for the process.
‘Trusted Directory’ is simply used to check whether the application is situated in a trusted location or not.
The last piece of information tells you if the process has been digitally signed or not and could help determine if the file has been altered from its original state. If a signature is present, clicking on ‘Show information about this publishers certificate’ will display more information about the certificate including issued to and issued by, the serial number, algorithm and thumbprint.
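The ‘Trusted Directory’ and digital signature checks described above can be cross-checked from PowerShell. This is an added example, not code from UAC Process Analyzer; the function names are hypothetical, and it assumes that "trusted" means the Windows and Program Files folders, which the tool itself may define differently.

```powershell
# Added example: location and Authenticode details for running processes.
# Assumption: "trusted" = under the Windows or Program Files folders.
$trustedRoots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-TrustedLocation([string]$Path) {
    # Match on root + '\' so a look-alike such as "C:\Program Files Fake\"
    # is not treated as being inside "C:\Program Files\".
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-ProcessTrustInfo {
    param([string]$Name = '*')
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        # Path is empty when the caller lacks rights to query the process,
        # so run elevated to see every process.
        $path = $null
        try { $path = $proc.Path } catch { }
        if (-not $path) { continue }

        $sig  = Get-AuthenticodeSignature -FilePath $path
        $cert = $sig.SignerCertificate   # $null when the file is not signed
        New-Object PSObject -Property @{
            Process          = $proc.ProcessName
            Id               = $proc.Id
            Path             = $path
            TrustedDirectory = Test-TrustedLocation $path
            SignatureStatus  = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            IssuedTo         = $cert.Subject
            IssuedBy         = $cert.Issuer
            SerialNumber     = $cert.SerialNumber
            Algorithm        = $cert.SignatureAlgorithm.FriendlyName
            Thumbprint       = $cert.Thumbprint
        }
    }
}

# Example call: details for every running explorer.exe instance.
Get-ProcessTrustInfo -Name explorer | Format-List
```

A `SignatureStatus` of `HashMismatch` indicates the file no longer matches what was signed, and a process running from a path where `TrustedDirectory` is false deserves a closer look at how it got there.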
Compatible with Windows Vista SP2 and Windows 7, 32-bit and 64-bit.