Self-Update Functionality (User Account Control)
AdminStudio 2021 | 21.0 | Application Manager
For this operating system compatibility test, the Windows Installer database is scanned for the presence of unmanifested executable files that are recognized as installations, upgrades, or patches. Heuristic analysis scans files that match any of the following criteria: *update*.exe, *setup*.exe,*install*.exe, *unins*.exe, or *patch*.exe for their User Account Control (UAC) awareness.
Test Group/Test Category
| • | 0019—Operating System Compatibility/Windows 7 (32-Bit) |
| • | 0219—Operating System Compatibility/Windows 7 (64-Bit) |
| • | 0319—Operating System Compatibility/Windows 8.1 (32-Bit) |
| • | 0419—Operating System Compatibility/Windows 8.1 (64-Bit) |
| • | 2619—Operating System Compatibility/Windows 10-1803 (32-Bit) |
| • | 2819—Operating System Compatibility/Windows 10-1809 (and 2019 LTSC) (32-Bit) |
| • | 5019—Operating System Compatibility/Windows 10-1903 (32-Bit) |
| • | 5219—Operating System Compatibility/Windows 10-1909 (32-Bit) |
| • | 5419—Operating System Compatibility/Windows 10-2004 (32-Bit) |
| • | 5619—Operating System Compatibility/Windows 10-20H2 (32-Bit) |
| • | 2719—Operating System Compatibility/Windows 10-1803 (64-Bit) |
| • | 2919—Operating System Compatibility/Windows 10-1809 (and 2019 LTSC) (64-Bit) |
| • | 5119—Operating System Compatibility/Windows 10-1903 (64-Bit) |
| • | 5319—Operating System Compatibility/Windows 10-1909 (64-Bit) |
| • | 5519—Operating System Compatibility/Windows 10-2004 (64-Bit) |
| • | 5719—Operating System Compatibility/Windows 10-20H2 (64-Bit) |
| • | 0119—Operating System Compatibility/Windows Server 2008 R2 |
| • | 0519—Operating System Compatibility/Windows Server 2012 |
| • | 0619—Operating System Compatibility/Windows Server 2016 |
| • | 1019—Operating System Compatibility/Windows Server 2019 |
Severity
Warning
Message
This Windows Installer database contains self-update functionality in file [FILE_NAME] (Table: File, Key: [FILE_KEY]).
Background
Some software has a built-in mechanism to automatically update itself. Self-updating should be avoided in a managed environment due to lack of control over managed software and privilege issues. Furthermore, the self-update functionality might leave old files behind or cause issues when the software is being removed. Since Windows Vista, installation and update programs are recognized and, if UAC is enabled, cause prompts for credentials. This is done to prevent installations without the user’s knowledge and approval.
Resolution
The following resolutions are available.
Manual Fix
Self-update functionality of the software should be disabled.
Basic Auto Fix
A manifest file is added for each unmanifested installation or upgrade in a Windows Installer transform. The content of the manifest depends on whether the executable file is UAC aware. If the executable file is UAC aware, the manifest file sets the privilege level to requireAdministrator. If the executable is not UAC aware, the manifest file sets the privilege level to asInvoker.
This fix is enabled by default.
Advanced Auto Fix
Unmanifested executable files that matching the following patterns are removed in a Windows Installer transform: *update*.exe, *setup*.exe,*install*.exe, *unins*.exe or *patch*.exe.
Caution:This might have a high negative impact on application functionality.
See Also
Understanding and Configuring User Account Control in Windows Vista