Windows 10 Security real-time protection doesn't always prompt to disable w/UAC

Micheal Espinola

Apr 4, 2023, 2:25:12 AM
to ntsys...@googlegroups.com
Windows 10.0.19045.2788

Context: Perhaps a little off-topic because both of these are things I have noticed while gaming. This is something I've personally observed in Windows 10 for years now. It hasn't been the easiest thing to recreate intentionally, but I've now observed a related circumstance I can absolutely recreate - but I'll start with the former (#1) and finish with the most recent variation (#2):

1. If system resources are exhausted enough, you can disable real-time protection without UAC prompt (hard to intentionally reproduce, but I have sporadically and unintentionally done so too many times to not be considered a personal confirmation). I can typically do this if I am gaming while having many browser windows with hundreds of tabs (tabs are suspended, but do exist). CPU can be low, but memory usage tends to be upward of 75% of 16 GB. It's otherwise seemingly sporadic, as I cannot intentionally recreate the issue. It's just something that I have to stumble upon noticing.
2. Real-time protection can be disabled without UAC prompt if the Windows Security window is left open after a previous intentional disabling of real-time protection (with an initial proper UAC prompt). After the first time, if the window is left open, you do not get prompted for UAC for any additional disablings (if enabled manually as well as re-enabled automatically after the "short time" timeout).

Known issue? Has anyone else observed something similar? You could say that #2 is technically self-inflicted, but it was not expected behavior to me. It seems dangerous and exploitable.

--
Espi

Shawn K. Hall

Apr 4, 2023, 3:26:57 AM
to ntsys...@googlegroups.com
#2 is by design as an effort to avoid nagging the user who is making a
dozen security changes that each require elevation. By rights, it
*should* time out, but it is not designed to.

-S

Micheal Espinola

Apr 4, 2023, 1:54:47 PM
to ntsys...@googlegroups.com
I'm very surprised I never noticed #2 before. This is a serious design flaw imho; to leave an app of security-related toggle switches unprotected like this. It was my impression that this was the sort of thing that the UAC was meant to prevent.

--
Espi

Shawn K. Hall

Apr 4, 2023, 3:27:17 PM
to ntsys...@googlegroups.com
In theory, sure, but it's just like opening an elevated terminal or powershell or cmd prompt. Once it's approved it stays elevated until closed, even if that's days or weeks from the time you approve the UAC prompt. If you fail to close it (like locking the door to your car when you get out) then it's really on you.
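
A way to audit how often and for how long real-time protection was actually off on a machine, given the behaviour discussed in this thread. This is an added example, not something posted by either participant: it pairs Microsoft Defender event 5001 (real-time protection disabled) with event 5000 (real-time protection enabled) from the `Microsoft-Windows-Windows Defender/Operational` log. The function name `Get-RtpOffWindow`, the 15-minute threshold and the sample events are assumptions made for illustration.

```powershell
# Added example (hypothetical helper): list the intervals during which
# Defender real-time protection was off, from 5001 (disabled) / 5000 (enabled) events.
function Get-RtpOffWindow {
    param(
        [Parameter(Mandatory)] [object[]] $Log,                  # objects with Id and TimeCreated
        [timespan] $Threshold = [timespan]::FromMinutes(15)      # assumed "too long" cutoff
    )
    $offSince = $null
    foreach ($e in ($Log | Sort-Object TimeCreated)) {
        if ($e.Id -eq 5001 -and $null -eq $offSince) {
            $offSince = $e.TimeCreated                           # protection went off
        }
        elseif ($e.Id -eq 5000 -and $null -ne $offSince) {
            $span = $e.TimeCreated - $offSince                   # protection came back
            [pscustomobject]@{
                Disabled = $offSince
                Enabled  = $e.TimeCreated
                Minutes  = [math]::Round($span.TotalMinutes, 1)
                Flag     = $span -gt $Threshold
            }
            $offSince = $null
        }
    }
    if ($null -ne $offSince) {
        # No matching 5000 event: protection was still off at the end of the log.
        [pscustomobject]@{ Disabled = $offSince; Enabled = $null; Minutes = $null; Flag = $true }
    }
}

# Constructed sample events (not taken from a real host): three disable/enable
# cycles in one evening, the last one never re-enabled.
$sample = @(
    [pscustomobject]@{ Id = 5001; TimeCreated = [datetime]'2023-04-04T20:00:00' }
    [pscustomobject]@{ Id = 5000; TimeCreated = [datetime]'2023-04-04T20:10:00' }
    [pscustomobject]@{ Id = 5001; TimeCreated = [datetime]'2023-04-04T20:12:00' }
    [pscustomobject]@{ Id = 5000; TimeCreated = [datetime]'2023-04-04T21:02:00' }
    [pscustomobject]@{ Id = 5001; TimeCreated = [datetime]'2023-04-04T21:05:00' }
)
Get-RtpOffWindow -Log $sample | Format-Table -AutoSize

# On a live Windows host, feed it the real log instead of the sample:
# $live = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
#     LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5000, 5001 }
# Get-RtpOffWindow -Log $live
```

Several disable/enable cycles close together, or a window with no closing 5000 event, are the patterns worth reviewing on a machine where the Windows Security window may have been left open.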
