Use UAC Process Analyzer to Check Application Security

The Windows Vista and 7 User Account Control security feature has been around for several years now and most people will have at least come across it in some form or another. To put it simply, User Account Control (UAC) is there to help prevent users from getting their system infected with malicious applications and scripts. It does this by stopping potentially suspect software from executing automatically when it asks for access to important system locations such as the Windows and Program Files folders or the registry. Granting these extra privileges requires an Administrator account, and standard users will need to provide an administrator's password before access to the protected locations is granted. Changing and configuring a number of Windows' own settings can also trigger the UAC prompt, as can installing and removing software.

As a system administrator, there may be times when you want a closer look at some of the system's running processes: a piece of software currently running has an issue and you suspect it is connected with the program's access rights, or an unknown process warrants more investigation into its integrity and the rights it has, or has asked for. A useful little utility called UAC Process Analyzer can give you that valuable information about the integrity of a running process. It can also identify what User Account Control restrictions are currently in place for the process and whether it is being executed from a trusted location. UAC Process Analyzer is a portable application of around a megabyte unzipped. As you might expect, non-admin users need to Run as Administrator when starting it. Usage couldn't be much simpler: select the process to analyze from the drop-down list and click the Analyze button. All the relevant security information is then displayed, and it merits a brief explanation.

UAC Process Analyzer main window

The Filename is the file description name taken from the file details, and File Details is self-explanatory, being the physical location of the file. Integrity Level is the amount of access the process has been granted to perform write operations in important system locations. Low Integrity means the process can only be granted that access after an administrator has allowed it. A High integrity level is the opposite: the process already holds the elevated rights, so no administrator privileges need to be supplied and no prompt appears when write access to these locations is used.

When UAC Virtualization is Enabled, the process does not have write access to the Program Files and Windows folders or other core system areas. Writes are instead redirected to the user profile folders, where elevated privileges are not required and critical system files have much less chance of being harmed. Disabled means full write access is granted to the process. Trusted Directory simply checks whether the application is located in a trusted location or not.

The last piece of information tells you whether the process has been digitally signed, which can help determine if the file has been altered from its original state. If a signature is present, clicking on Show information about this publisher's certificate displays more information about the certificate, including issued to and issued by, the serial number, algorithm and thumbprint.
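The facts the tool reports (integrity level, UAC virtualization, trusted directory and digital signature) can be gathered for one process from PowerShell using the same Windows token information. This is an added example, not code from UAC Process Analyzer or its author; it assumes Windows PowerShell 5.1 or later, and the `Get-TokenInfo` and `Get-ProcessUacInfo` function names and the trusted-root list (the Windows folder and both Program Files folders) are my own choices.

```powershell
# Added example (not UAC Process Analyzer's code): gather the same facts the tool shows for one process
# via the Win32 token APIs. Assumes Windows PowerShell 5.1+; run elevated to inspect other users' processes.
Add-Type -Namespace Win32 -Name Token -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError=true)] public static extern IntPtr OpenProcess(uint acc, bool inh, int pid);
[DllImport("advapi32.dll", SetLastError=true)] public static extern bool OpenProcessToken(IntPtr h, uint acc, out IntPtr tok);
[DllImport("advapi32.dll", SetLastError=true)] public static extern bool GetTokenInformation(IntPtr tok, int cls, IntPtr buf, int len, out int need);
[DllImport("advapi32.dll")] public static extern IntPtr GetSidSubAuthority(IntPtr sid, int idx);
[DllImport("advapi32.dll")] public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
[DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
'@
$M = [Runtime.InteropServices.Marshal]
# Mandatory-label RIDs; the RID is the last sub-authority of the integrity SID (S-1-16-<rid>)
$IntegrityNames = @{ 0x0000='Untrusted'; 0x1000='Low'; 0x2000='Medium'; 0x2100='Medium Plus'; 0x3000='High'; 0x4000='System'; 0x5000='Protected' }
function Get-TokenInfo([IntPtr]$Token, [int]$Class, [scriptblock]$Read) {
    # Two-call size negotiation, then hand the filled buffer to $Read and free it
    $need = 0
    [void][Win32.Token]::GetTokenInformation($Token, $Class, [IntPtr]::Zero, 0, [ref]$need)
    $buf = $M::AllocHGlobal($need)
    try {
        if (-not [Win32.Token]::GetTokenInformation($Token, $Class, $buf, $need, [ref]$need)) { throw "GetTokenInformation($Class): error $($M::GetLastWin32Error())" }
        & $Read $buf
    } finally { $M::FreeHGlobal($buf) }
}
function Get-ProcessUacInfo([Parameter(Mandatory)][int]$ProcessId) {
    $h = [Win32.Token]::OpenProcess(0x1000, $false, $ProcessId)   # PROCESS_QUERY_LIMITED_INFORMATION
    if ($h -eq [IntPtr]::Zero) { throw "OpenProcess($ProcessId): error $($M::GetLastWin32Error())" }
    $tok = [IntPtr]::Zero
    try {
        if (-not [Win32.Token]::OpenProcessToken($h, 0x0008, [ref]$tok)) { throw "OpenProcessToken: error $($M::GetLastWin32Error())" }  # TOKEN_QUERY
        # TokenIntegrityLevel (25) returns TOKEN_MANDATORY_LABEL, whose first field is the PSID
        $rid = Get-TokenInfo $tok 25 { param($b) $sid = $M::ReadIntPtr($b)
            $n = $M::ReadByte([Win32.Token]::GetSidSubAuthorityCount($sid))
            $M::ReadInt32([Win32.Token]::GetSidSubAuthority($sid, $n - 1)) }
        $virt = Get-TokenInfo $tok 24 { param($b) $M::ReadInt32($b) -ne 0 }   # TokenVirtualizationEnabled: DWORD, non-zero = writes redirected
    } finally {
        if ($tok -ne [IntPtr]::Zero) { [void][Win32.Token]::CloseHandle($tok) }
        [void][Win32.Token]::CloseHandle($h)
    }
    $path = (Get-Process -Id $ProcessId).Path   # $null for protected/system processes we cannot read
    $roots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path }
    [pscustomobject]@{
        ProcessId = $ProcessId; Path = $path
        IntegrityLevel = if ($IntegrityNames.ContainsKey($rid)) { $IntegrityNames[$rid] } else { '0x{0:X}' -f $rid }
        UacVirtualization = if ($virt) { 'Enabled' } else { 'Disabled' }
        TrustedDirectory = [bool]($path -and ($roots | Where-Object { $path.StartsWith($_, 'OrdinalIgnoreCase') }))
        SignatureStatus = if ($sig) { "$($sig.Status)" } else { 'Unknown' }
        Signer = $sig.SignerCertificate.Subject; Thumbprint = $sig.SignerCertificate.Thumbprint
    }
}
Get-ProcessUacInfo -ProcessId $PID | Format-List   # report on this shell; pass any PID you can open
```

A Medium result for a process that writes under Program Files, or an unsigned binary in a trusted directory, is the kind of mismatch worth following up on.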

Showing a certificate in UAC Process Analyzer

Compatible with Windows Vista SP2 and Windows 7 32-bit and 64-bit

Download UAC Process Analyzer
