How To Analyze Windows Application Security With UAC Process Analyzer


UAC (User Account Control) is a Windows security mechanism that keeps malware and virus-infected scripts and applications from exploiting administrative privileges. Whenever an application attempts to write to a system-wide location, it prompts a standard user for the administrator password before the application is allowed to write to protected folders and locations such as Program Files and the Windows registry. UAC Process Analyzer is a portable application that reports the integrity of a selected running process and helps you identify the UAC restrictions imposed on it. It fetches the UAC-specific security details of the selected application: Integrity Level, Trusted Directory, UAC Virtualization and Digital Signature. UAC Process Analyzer assists application developers in investigating the reasons why their applications might be considered suspicious by UAC.

To analyze an application, select its running process from “Process Name” drop-down menu and click Analyze.

UAC Process Analyzer 1.0

Once the analysis is done, you are shown the directory path, integrity level, UAC virtualization status and digital signature of the application. You can also check whether the application resides in a trusted directory.

Process Details

Now that you have the UAC security details for the selected application, you may be wondering how to interpret them. Let’s start with Integrity Level. The Integrity Level of an application ranges from Low to High. A low integrity level implies that the application cannot write to core system locations unless a system administrator authorizes an elevation (i.e. grants administrative privileges) via UAC, allowing the application to write data to those locations. Conversely, an application with a high integrity level doesn’t prompt the user for administrative privileges when writing data to system folders such as Program Files and System32.

UAC Virtualization is an advanced mechanism for making the system as secure as possible. It defines the application’s access to core Windows locations. When UAC Virtualization is Disabled for an application, the application has the right to access system-wide folders, such as Program Files on the drive where Windows is installed. It can write directly to system locations and make changes there, as long as the requested modifications do not disturb other system functions.

Conversely, an application with UAC Virtualization Enabled can’t write to system-wide folders and locations such as Program Files and the Windows registry. Instead, UAC redirects its write requests to folders in the user profile, where the application needs no administrative privileges yet can still perform everything a standard user would request. Redirecting the writes of a virtualized application to the user profile, rather than to system-wide locations (Program Files, Windows, System32, the Windows registry hives), shields the system from security threats and vulnerabilities.

Trusted Directory is a simple check of whether the application resides in a trustworthy location. A Trusted Directory is a location that the system administrator defines and that can only be changed with administrator permissions. If the Trusted Directory check returns True for an application, the application will not be interrupted by the Trust Center security feature.

The last UAC security check is code signing, also referred to as Digital Signature. The Digital Signature helps end users check whether the application has been altered by an external party. It presents in-depth details about the application publisher: the developer’s name, the name of the certificate authority, the validity period, serial number, signature algorithm and thumbprint.

Certificate

The purpose of code signing is to mitigate the spread of viruses and malware that look like normal applications but have the potential to surreptitiously gain and exploit administrative rights on the system. Although many malicious applications manage to appear digitally signed, it’s still considered an important security check.
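The four checks described above can be reproduced from a PowerShell prompt. The script below is an added example, not code from UAC Process Analyzer: it reads the integrity level and virtualization flag from the process token, applies an assumed "trusted directory" rule (the executable lives under Program Files or the Windows directory) and reads the Authenticode signature of the executable. It assumes Windows PowerShell 5.1 on Vista or later; the class and function names are the example's own.

```powershell
# Added example (not UAC Process Analyzer's own code). P/Invoke the token API once.
if (-not ('UacTok' -as [type])) {
  Add-Type -TypeDefinition @'
using System; using System.Runtime.InteropServices;
public static class UacTok {
  [DllImport("advapi32.dll", SetLastError=true)] public static extern bool OpenProcessToken(IntPtr h, uint acc, out IntPtr tok);
  [DllImport("advapi32.dll", SetLastError=true)] public static extern bool GetTokenInformation(IntPtr tok, int cls, IntPtr buf, int len, out int ret);
  [DllImport("advapi32.dll")] public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
  [DllImport("advapi32.dll")] public static extern IntPtr GetSidSubAuthority(IntPtr sid, int idx);
  [DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
}
'@
}

function Get-UacProcessInfo([int]$Id) {
  $p = Get-Process -Id $Id      # .Handle/.Path throw "Access denied" for higher-integrity processes
  $M = [Runtime.InteropServices.Marshal]
  $tok = [IntPtr]::Zero
  if (-not [UacTok]::OpenProcessToken($p.Handle, 0x0008, [ref]$tok)) {   # 0x0008 = TOKEN_QUERY
    throw "OpenProcessToken failed: $($M::GetLastWin32Error())"
  }
  $buf = $M::AllocHGlobal(64); $n = 0
  try {
    # TokenVirtualizationEnabled (class 24): non-zero DWORD means file/registry writes are redirected
    [void][UacTok]::GetTokenInformation($tok, 24, $buf, 4, [ref]$n)
    $virt = $M::ReadInt32($buf) -ne 0
    # TokenIntegrityLevel (class 25): TOKEN_MANDATORY_LABEL; the label SID's last RID is the level
    [void][UacTok]::GetTokenInformation($tok, 25, $buf, 64, [ref]$n)
    $sid = $M::ReadIntPtr($buf)                                  # Label.Sid
    $cnt = $M::ReadByte([UacTok]::GetSidSubAuthorityCount($sid))
    $rid = $M::ReadInt32([UacTok]::GetSidSubAuthority($sid, $cnt - 1))
  } finally { $M::FreeHGlobal($buf); [void][UacTok]::CloseHandle($tok) }
  # Mandatory-label RIDs: 0x1000 Low, 0x2000 Medium, 0x3000 High, 0x4000 System
  $level = if ($rid -ge 0x4000) {'System'} elseif ($rid -ge 0x3000) {'High'} elseif ($rid -ge 0x2000) {'Medium'} elseif ($rid -ge 0x1000) {'Low'} else {'Untrusted'}
  # Assumed trusted-directory rule: executable under Program Files or the Windows directory
  $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) | Where-Object { $_ }
  $trusted = [bool]($roots | Where-Object { $p.Path -like "$_\*" })
  $sig = Get-AuthenticodeSignature -FilePath $p.Path   # Status is Valid, NotSigned, HashMismatch, ...
  [pscustomobject]@{
    Process           = $p.ProcessName
    Path              = $p.Path
    IntegrityLevel    = "$level (0x{0:X})" -f $rid
    UacVirtualization = if ($virt) { 'Enabled' } else { 'Disabled' }
    TrustedDirectory  = $trusted
    SignatureStatus   = $sig.Status
    Signer            = $sig.SignerCertificate.Subject
    Thumbprint        = $sig.SignerCertificate.Thumbprint
    ValidUntil        = $sig.SignerCertificate.NotAfter
  }
}
Get-UacProcessInfo -Id (Get-Process -Name notepad | Select-Object -First 1).Id
```

Run it from an elevated prompt to inspect processes above your own integrity level; a HashMismatch status means the file no longer matches what the publisher signed.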

UAC Process Analyzer works on Windows Vista and Windows 7. Both 32-bit and 64-bit OS editions are supported.

Download UAC Process Analyzer

[via Ghacks]
