In Windows 11/10 OS, User Account Control (UAC) is a feature that is designed to prevent unauthorized changes to your operating system. In today’s post, we will attempt to provide an explanation as to why UAC blocks the elevation of executable applications that are signed with revoked certificates in Windows 11/10.
What is User Account Control (UAC)?
UAC stands for User Account Control. It is a security feature in Windows 11/10 that stops apps from making changes to your system without permission. A UAC prompt is shown, asking for permission, when an application wants to make a system change, such as changes that affect other user accounts, modifications to Windows system files and folders, or installation of new software.
If the user clicks or taps No, the change won’t be carried out. If the user clicks or taps Yes (and enters the administrator password, if required) the application receives administrative permissions, and it can make the system changes it wants. These permissions are given only until the application stops running, or it is closed by the user. The same goes for files that trigger a UAC prompt.
UAC blocks elevation of executable applications that are signed with revoked certificates
In Windows 11/10, new User Account Control (UAC) behavior blocks the elevation of applications whose executable binary files are signed with revoked certificates.
This behavior prevents users from running certain applications. For example, users cannot run applications whose binary files are signed with stolen certificates.
According to Microsoft, to run an application, you must have the binary files signed with valid certificates.
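To find out in advance whether a binary is signed with a revoked certificate, you can build its certificate chain with online revocation checking. The following PowerShell function is an added example, not code from the original article or from Microsoft; the function name `Test-SignerRevocation` and the sample path are hypothetical, and it reports the revocation status of the signing chain only, not how UAC itself reaches its decision.

```powershell
# Added example (not from the original article). Checks the certificate
# chain behind a file's Authenticode signature for revocation.
function Test-SignerRevocation {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        # Unsigned file: there is no certificate to check.
        return [pscustomobject]@{
            Path = $Path; Signed = $false; Signer = $null
            Revoked = $false; RevocationUnknown = $false
        }
    }

    $ns    = 'System.Security.Cryptography.X509Certificates'
    $chain = New-Object "$ns.X509Chain"
    try {
        # Fetch CRL/OCSP data online for every certificate in the chain.
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'EntireChain'
        [void]$chain.Build($sig.SignerCertificate)
        # Collect the chain status flags as strings, e.g. 'Revoked'.
        $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    } finally {
        $chain.Reset()
    }

    [pscustomobject]@{
        Path              = $Path
        Signed            = $true
        Signer            = $sig.SignerCertificate.Subject
        Revoked           = [bool]($flags -match '\bRevoked\b')
        # True when the CRL/OCSP endpoint could not be reached, so a
        # "not revoked" answer cannot be relied on.
        RevocationUnknown = [bool]($flags -match 'RevocationStatusUnknown|OfflineRevocation')
    }
}

# Usage with a constructed folder path:
# Get-ChildItem 'C:\Tools' -Filter *.exe |
#     ForEach-Object { Test-SignerRevocation $_.FullName }
```

Treat `RevocationUnknown = True` as "not verified" rather than "clean": on a machine without network access to the certificate authority, revocation cannot be confirmed either way.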
Types of alert messages associated with UAC
There are four different alert messages that can be associated with User Account Control. They are as follows:
- Windows needs your permission to continue
- A program needs your permission to continue
- An unidentified program wants access to your computer
- This program has been blocked
Also, there are many changes that require administrative privileges. Depending on how UAC is configured on your Windows computer, they can cause a UAC prompt to show up and request permission. These are as follows:
- Running an app as administrator
- Changes to system-wide settings or files in the Windows or Program Files folders
- Installing and uninstalling drivers & applications
- Viewing or changing another user’s folders and files
- Adding or removing user accounts
- Configuring Windows Update
- Changing settings to the Windows Firewall
- Changing UAC settings
- Changing a user’s account type
- Running Task Scheduler
- Restoring backed-up system files
- Changing the system date and time
- Configuring Parental Controls or Family Safety
- Installing ActiveX controls (in Internet Explorer)
- Making changes to the registry
How to know if an app can trigger the UAC prompt
In the case of installed software or apps, the UAC prompt appears when you run them with administrative privileges. By default, most apps do not run with administrative privileges. However, some apps always require administrative privileges to run. Such apps have a shield (guard) icon overlaid on their shortcut, which is easy to spot. When you launch such apps by double-clicking on them, Windows displays the UAC prompt.
In Windows 11/10, you can also make an app always run as an administrator. You can do so by modifying its desktop shortcut properties. In this case, Windows will also show you the UAC prompt every time you launch that software or app.
Difference between different UAC settings
Windows 11/10 has four different types of UAC settings. You can view and change the UAC settings in the Control Panel. Open the Control Panel and go to User accounts > User accounts > Change User Account Control settings. You can change the UAC setting by moving the slider up and down. The four UAC settings are explained below:
- Always notify me: This UAC setting has the highest level of security. When you enable it, Windows will notify you whenever an app tries to install software or make changes to your system. You will also be notified when you make changes to Windows settings through some apps, like Disk Management, Task Manager, Computer Management, Event Viewer, etc. This setting can irritate you. Therefore, it is only recommended to enable this setting if you routinely install new software and visit unfamiliar websites.
- Notify me only when apps try to make changes to my computer (default): This is the default UAC setting on Windows computers. Here, you will not be notified when you make changes to the Windows settings. However, the UAC prompt appears when an app tries to make changes to your PC.
- Notify me only when apps try to make changes to my computer (do not dim my desktop): This setting is the same as the previous one. The only difference is Windows does not dim your screen when the UAC prompt appears.
- Never notify me: If you enable this setting, Windows will never show the UAC prompt, even if an app or software tries to make changes to your system. The prompt will also not appear when you make changes to Windows settings.
Microsoft does not recommend the last UAC setting because it makes your device vulnerable to threats.
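The slider position is stored in the registry, so it can be audited without opening the Control Panel. The following PowerShell function is an added example, not part of the original article; the function name `Get-UacSliderLevel` is hypothetical, and the registry value names and their mapping to the four slider positions are not stated on this page but are the standard UAC policy values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`.

```powershell
# Added example (not from the original article). Maps the UAC policy
# values in the registry to the four slider positions described above.
function Get-UacSliderLevel {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    $lua    = $p.EnableLUA                   # 0 = UAC switched off entirely
    $admin  = $p.ConsentPromptBehaviorAdmin  # prompt behaviour for administrators
    $secure = $p.PromptOnSecureDesktop       # 1 = dim the desktop for the prompt

    $level = if ($lua -eq 0) {
        'UAC disabled (EnableLUA = 0)'
    } elseif ($admin -eq 2 -and $secure -eq 1) {
        'Always notify me'
    } elseif ($admin -eq 5 -and $secure -eq 1) {
        'Notify me only when apps try to make changes (default)'
    } elseif ($admin -eq 5 -and $secure -eq 0) {
        'Notify me only when apps try to make changes (do not dim my desktop)'
    } elseif ($admin -eq 0) {
        'Never notify me'
    } else {
        # Combination not produced by the slider, e.g. set by Group Policy.
        'Custom policy'
    }

    [pscustomobject]@{
        Computer                   = $env:COMPUTERNAME
        Level                      = $level
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        # Flag the two states in which no prompt is shown.
        NoPrompt                   = ($lua -eq 0) -or ($admin -eq 0)
    }
}

Get-UacSliderLevel
```

Machines that report `NoPrompt = True` are the ones running in the state Microsoft does not recommend.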
How do I turn off UAC in Windows 11/10?
UAC, or User Account Control, is a security feature in Windows 11/10 computers designed to protect Windows from unauthorized changes. Microsoft does not recommend that users turn off this feature. However, if you want to turn off UAC, you can do so via the Control Panel. Open the Control Panel, open the User Accounts page, and then click Change User Account Control settings.
What happens when UAC is disabled?
When UAC is enabled, Windows notifies you whenever an app tries to make changes to your system. In this case, a UAC prompt appears on your screen and the entire screen goes dark. You can accept or deny this action. However, if UAC is disabled, Windows will not notify you when an app tries to make changes to your system. In this case, a malicious app can take control of your system. Hence, disabling UAC will make your system vulnerable to threats.
I hope this post is clarifying enough!