Azure Phoenix 10 Posted June 5, 2017 Share Posted June 5, 2017 Currently, I'm not using ESET, but wanted to know the answer to this question. Is it possible to use ESET on a SUA account without UAC prompts? Other security softwares, like Emsisoft, have no problem with configurations and rules on SUA accounts. However ESET (in interactive modes) constantly prompts UAC. Link to comment Share on other sites More sharing options...
itman 1,538 Posted June 5, 2017 Share Posted June 5, 2017 (edited) 48 minutes ago, Azure Phoenix said: Other security softwares, like Emsisoft, have no problem with configurations and rules on SUA accounts. However ESET (in interactive modes) constantly prompts UAC. For starters, Eset alerts have nothing to do with the built-in Windows UAC feature. The problem you are having is that you are using Eset's "interactive" modes where applicable. These modes are designed to alert for any event that hasn't previously been detected and require user interaction to: 1. Allow or block the activity without creating a rule to remember the selected action. 2. Allow or block the activity and create a rule to remember the selected action. This will result in no subsequent alerts for the same activity. Both the firewall and HIPS can be switched to a learning mode that will create corresponding allow rules for all activity for a predetermined learning period. After the learning period has lapsed, one can switch to interactive mode which will only alert for new activity. Alternatively and recommended is to use Eset's default settings which are designed to minimize user alerts to only critical events that require immediate user attention. Edited June 5, 2017 by itman Link to comment Share on other sites More sharing options...
Azure Phoenix 10 Posted June 17, 2017 Author Share Posted June 17, 2017 On 6/5/2017 at 7:15 PM, itman said: For starters, Eset alerts have nothing to do with the built-in Windows UAC feature. The problem you are having is that you are using Eset's "interactive" modes where applicable. These modes are designed to alert for any event that hasn't previously been detected and require user interaction to: 1. Allow or block the activity without creating a rule to remember the selected action. 2. Allow or block the activity and create a rule to remember the selected action. This will result in no subsequent alerts for the same activity. Both the firewall and HIPS can be switched to a learning mode that will create corresponding allow rules for all activity for a predetermined learning period. After the learning period has lapsed, one can switch to interactive mode which will only alert for new activity. Alternatively and recommended is to use Eset's default settings which are designed to minimize user alerts to only critical events that require immediate user attention. Can you or anyone else do the following? Might be best to test on Windows 10 x64 Latest version to be sure. 1. Go to a SUA account 2. Make sure UAC is at default (Which should be "Always notify", the highest setting) 3. Get an alert from ESET either HIPS or Firewall 4. Click Yes on the alert, and make sure rules are created. 5. You should get an UAC prompt at that time. Click "No". If I recall in this scenario, ESET states rules couldn't be created or something similar. Link to comment Share on other sites More sharing options...
itman 1,538 Posted June 17, 2017 Share Posted June 17, 2017 (edited) 15 hours ago, Azure Phoenix said: Can you or anyone else do the following? Might be best to test on Windows 10 x64 Latest version to be sure. 1. Go to a SUA account 2. Make sure UAC is at default (Which should be "Always notify", the highest setting) 3. Get an alert from ESET either HIPS or Firewall 4. Click Yes on the alert, and make sure rules are created. 5. You should get an UAC prompt at that time. Click "No". I don't have a SUA setup, so can't test. I do run as local admin with UAC set to max. level. As such if Eset was triggering an UAC alert, I should be receiving one and never have on rules creation of any kind. Believe the following setting is what is causing your issue when a SUA is used. Set it off and see if the UAC alert goes away. By definition, a SUA account shouldn't be modifying ESET settings in most environment's: Edited June 17, 2017 by itman Link to comment Share on other sites More sharing options...
Azure Phoenix 10 Posted June 24, 2017 Author Share Posted June 24, 2017 On 6/17/2017 at 2:35 PM, itman said: I don't have a SUA setup, so can't test. I do run as local admin with UAC set to max. level. As such if Eset was triggering an UAC alert, I should be receiving one and never have on rules creation of any kind. Believe the following setting is what is causing your issue when a SUA is used. Set it off and see if the UAC alert goes away. By definition, a SUA account shouldn't be modifying ESET settings in most environment's: I don't have ESET installed so I can't test properly right now. However when I had ESET installed, I did disabled that setting to see if it helped. It didn't. Link to comment Share on other sites More sharing options...
Recommended Posts