
Windows 7 permission problems



I recently purchased a new Sony Vaio laptop loaded with Windows 7 Home Premium 64 bit. I immediately installed Malwarebytes v. 1.42 on it, but I cannot get the program to run without receiving the UAC prompt asking if I want to allow the program to make changes to the computer.

When I set my shortcuts to run the program as an administrator, I first receive an "access denied" popup telling me that I must provide an administrator password to make the change. (The user account I am using is designated as an administrator.) Clicking on the "Continue" button is not followed by any other prompt, and the "run as administrator" option remains checked. However, I still receive the UAC prompt when opening the program. I get the same result when setting the "run as administrator" option under Compatibility mode. In fact, I even receive the prompt when opening the program using the "Run as administrator" option from the context menu.

I ran the compatibility troubleshooter and was given the result that mbam was "incompatible."

I uninstalled Malwarebytes, ran mbam-clean, and reinstalled it, and it's still behaving the same way.

Is there something else I should try?


Greetings ;)

Hi, and thanks for the reply. ^_^

It is quite normal for mbam.exe (the scanner) to invoke a User Account Control prompt because it requires administrative privileges to run.

Even when being run as an administrator?

Forgive me, I'm fairly unfamiliar with Vista/Win 7, but I thought the whole point of running a program as an administrator was to bypass the UAC prompt. Starting NOD32 antivirus does not produce the prompt.

I was happy to discover that the prompt did not appear before the scheduled scan would run.


@YoKenny1: When it runs as a scheduled task through the Task Scheduler it would not, as Task Scheduler can execute programs with system level privileges (the same as services), which does bypass UAC.

@pecosred: NOD32 bypasses UAC because it has a system level service running which, as I mentioned above to YoKenny1, allows programs to bypass UAC but still run with the necessary privileges. The scanner for Malwarebytes' requires elevated privileges to run and be able to delete infections if they are found, especially if they reside in a system folder such as the Windows directory or Program Files, as they have protection built in by permissions denying write/delete privileges to non-admin users and processes (you can test this yourself, just create a text file and try copying it to either Program Files or Windows, UAC should prompt you for permission to copy the file there).


I guess I was misunderstanding administrator privileges. Evidently there is an even higher level of privileges.

I created a task in Task Scheduler and then created a desktop shortcut to that task, as outlined here. (The tutorial is for Windows Vista. Apparently the difference for Windows 7 is that there should be no quotations around the task name in the shortcut.)

Now I can start mbam without receiving the UAC prompt. ^_^
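Added example, not part of the original posts: the workaround above depends on a task set to run with highest privileges, so whatever that task launches starts elevated with no prompt, and such tasks are worth inventorying. This PowerShell sketch lists them through the Task Scheduler COM interface (`Schedule.Service`), which is present on Windows 7; the function name `Get-ElevatedTask` is hypothetical.

```powershell
# Added example: list scheduled tasks configured to "Run with highest privileges".
# Uses the Task Scheduler 2.0 COM API, so it works with PowerShell 2.0 on Windows 7.
# Get-ElevatedTask is a hypothetical helper name, not a built-in cmdlet.
function Get-ElevatedTask {
    param([string]$RootPath = '\')

    $service = New-Object -ComObject 'Schedule.Service'
    $service.Connect()                       # local machine, current credentials

    # Walk the task folder tree iteratively, starting at the root folder.
    $pending = New-Object System.Collections.Stack
    $pending.Push($service.GetFolder($RootPath))

    while ($pending.Count -gt 0) {
        $folder = $pending.Pop()
        foreach ($sub in $folder.GetFolders(0)) { $pending.Push($sub) }

        foreach ($task in $folder.GetTasks(1)) {             # 1 = include hidden tasks
            $def = $task.Definition
            if ($def.Principal.RunLevel -ne 1) { continue }  # 1 = highest privileges

            foreach ($action in $def.Actions) {
                if ($action.Type -ne 0) { continue }         # 0 = start a program
                New-Object PSObject -Property @{
                    Task      = $task.Path
                    Enabled   = $task.Enabled
                    RunAs     = $def.Principal.UserId
                    Command   = $action.Path
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

# Report every elevated task and the program it starts.
Get-ElevatedTask | Sort-Object Task | Format-Table Task, RunAs, Command -AutoSize
```

Tasks the current account is not allowed to read are not returned, so a complete inventory needs an elevated PowerShell session.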


The question is, why is it so necessary for you to start the scanner without a UAC prompt?

The person who is going to be using this computer has a hard time dealing with change and is accustomed to using Windows XP. I'm trying to minimize the number of differences that he will encounter.

Also, everything I read indicated that the prompt should not appear when running a program as an administrator, so it seemed as if something was going wrong. I'm still a bit confused about when the UAC prompt should appear.

The protection module (tray icon) should start without a UAC block so your protection will function without being blocked (or at least it should as long as permissions weren't altered for mbamgui.exe).

Yes, that is true, and it appears to be working correctly.


Honestly, the best option would be to let the person get used to UAC, it's not going anywhere and believe it or not, it's a very good thing. Preventing programs from automatically executing with administrative privileges is a very powerful security feature. You should click the UAC and On links in my signature below, they explain a lot about what UAC is and how it works.


Honestly, the best option would be to let the person get used to UAC

Heh. Yes, of course, I agree. However, it's much more likely that he will insist that I remove this terrible new system and install XP instead.

You should click the UAC and On links in my signature below, they explain a lot about what UAC is and how it works.

Thank you, although I can't say that I understand all of it.


Have you ever heard of sandboxing applications such as Sandboxie? It works sort of like that. Basically UAC makes sure that every program that runs executes with the lowest level of privileges, meaning they can't do certain things such as create/delete/alter files in certain key locations such as the Windows system folder, the Program Files directory and other critical areas that make system wide changes. They also cannot create/delete/modify most registry locations, again, preventing system changes. It's basically a step by Microsoft to help mitigate the risks posed to users who always run their computers using an administrative user account, something that has proven to be quite risky given XP and previous OS's track records for contracting infections.

The idea is that even if you're using an administrative account, should a file try to execute and make system changes (such as a piece of malicious software trying to attack your PC after downloading from a malicious website) UAC will pop up and warn you about it, thus giving you the opportunity to deny the program system access, thus preventing the infection ;) . The best course of action is to look at the prompts and see if you recognize the program that brought up the UAC prompt and if you do not, then don't allow it. Of course, if you are deliberately making system changes or installing, executing or removing a program that you know is safe, then you can click Continue or Allow at the User Account Control prompts. This type of technology has existed in the Mac and Linux worlds for years, and since Vista, Microsoft has brought it to the Windows world, albeit with mixed reviews (many negative of course ;) ).

The truth is, it's a good idea for users to pay attention to what's going on with their PC's, especially now that activities such as online banking, online shopping and other services and activities that use personal and financial information are so common, otherwise they may easily find themselves victims of identity theft, loss of money, loss of data and personal information, and possibly damage to their PC. Security software such as antivirus, Malwarebytes' Anti-Malware etc certainly helps a lot, but no single method or tool is 100% effective now that cybercriminals are motivated by money, not just pulling practical jokes or doing it for the joy of hacking. The web has become a dangerous place and Microsoft reacted to it with technologies like UAC.

You can read more info about UAC here.

I hope I've been helpful ;) .


You're welcome ;)

As for Malwarebytes' running with highest permissions, I asked the developers the same question at one point and it was explained to me that because of how UAC works, the scanner (mbam.exe) needs to run under the current user account in order to scan that user's registry profile (located under HKEY_CURRENT_USER in the registry) as well as the user's folders such as their documents, desktop and other user profile specific settings and locations so that it can detect infections that only affect the currently logged on user. That's why MBAM by default does not request elevation through UAC in limited or "standard" user accounts. For that reason I'd recommend only running MBAM as admin when it is necessary, as it was in this scenario and when updating the program (it needs administrative privileges to update because the database is stored in the All Users location which is protected with higher privileges required to write to it, modify it or delete files from it).

