How do I avoid UAC when my EXE file name contains the word "update"?

delphi uac delphi-7
Christian picture Christian · Nov 9, 2010 · Viewed 8.1k times · Source

I noticed the following phenomenon:

An executable built with Delphi 7 and part of the name including "Update" (e.g. "UpdateMyApp.exe") causes UAC to step in to display a warning like "do you want to allow the program to make changes to your computer".

This happens with a simple hello world application. Showing the file in explorer shows the shield symbol overlayed to the application icon.

As soon as you rename the exe the shield disappears and the application starts without warnings.

As mentioned this only happens to programs built with Delphi 7 and started on Windows 7 (I assume same on Vista) but not on e.g. WinXP.

A quick check with Delphi 2007 shows that this problem is gone.

Funny... scarying...

Besides renaming the file, what can I do to prevent this?

Answer

RRUZ picture RRUZ · Nov 9, 2010

This behavior is caused because the applications build with Delphi 7 by default does not have a manifest, or have one with no requestedExecutionLevel attribute. Because of that Windows thinks that you need administrator access when your application name contains words like Setup or Update. this process is called Installer Detection Technology and was introduced alongside UAC with Windows Vista.

From the MSDN site:

Installer Detection only applies to:

  1. 32 bit executables

  2. Applications without a requestedExecutionLevel

  3. Interactive processes running as a Standard User with LUA enabled

Before a 32 bit process is created, the following attributes are checked to determine whether it is an installer:

  • Filename includes keywords like "install," "setup," "update," etc.
  • Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
  • Keywords in the side-by-side manifest embedded in the executable.
  • Keywords in specific StringTable entries linked in the executable.
  • Key attributes in the RC data linked in the executable.
  • Targeted sequences of bytes within the executable.

Moreover Delphi 2007 by default include a manifest in your applications with the requestedExecutionLevel key.

This is a sample manifiest created by delphi 2007. You can see that this manifest has the requestedExecutionLevel attribute in the content. 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
    type="win32"
    name="CodeGear RAD Studio"
    version="11.0.2902.10471" 
    processorArchitecture="*"/>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
        type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        publicKeyToken="6595b64144ccf1df"
        language="*"
        processorArchitecture="*"/>
    </dependentAssembly>
  </dependency>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="asInvoker"
          uiAccess="false"/>
        </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

Related questions

Delphi 7 vista / windows 7 manifest

Would anyone have an example of a manifest file for Delphi 7 which allows apps to run as administrator on Windows XP / Vista / 7? Running an application with this feature usually leads to a User Account Control (UAC) dialog asking for privileged …

Read More
Looking for Delphi 7 code to detect if a program is started with administrator rights?

I am looking for working (obviously) Delphi 7 code so I can check whether my program is started with administrator rights. Thanks in advance [--- IMPORTANT UPDATE ---] Having reviewed the code in the answers so far, I realise that my …

Read More
Delphi: Prompt for UAC elevation when needed

We need to change some settings to the HKEY_LOCAL_MACHINE at runtime. Is it possible to prompt for uac elevation if needed at runtime, or do I have to launch a second elevated process to do 'the dirty work'?

Read More