Require full administrator rights for limited administrator accounts

[cutting_edgetech 25]

Where has the setting for, "Require full administrator rights for limited administrator accounts" been moved to? Eset is driving me insane by having to elevate my window's privileges each time I respond to Eset's Firewall in Interactive Mode. I don't understand the purpose of this option, i'm not a limited Admin, yet Eset always makes me elevate my privileges to respond to firewall prompts. I'm the only Admin on the Computer other than the System Admin Account that is built into Windows 10 by default. I'm using Eset 13.2.18.0 on Windows 10 x64 Pro version 2004.

Edited September 16, 2020 by cutting_edgetech

[Marcos 5,074]

The option was removed for security reasons one or two years ago if I recall correctly.

[cutting_edgetech 25]

How do I stop Eset from requiring me to elevate my Windows privileges each time I respond to Eset's firewall prompts in Interactive Mode?

[Marcos 5,074]

It is not possible without disabling UAC.

[cutting_edgetech 25]

Why does Eset require users using Full Admin Accounts to answer UAC prompts if they choose to remember the action they took (create a firewall rule) when responding to firewall prompts? I'm using a Full Admin Account. I'm the only account on the system other than the default accounts that come preinstalled on Windows 10, like the the built in Admin Account that is used by the OS itself. I've tested all the other major AV vendors at one time or another and none of them have required using UAC to respond to a firewall prompt.

[stackz 112]

FWIW the only time in Interactive mode that I get a UAC prompt is when I'm saving a rule.

[itman 1,659]

11 hours ago, cutting_edgetech said:

I don't understand the purpose of this option, i'm not a limited Admin, yet Eset always makes me elevate my privileges to respond to firewall prompts. I'm the only Admin on the Computer other than the System Admin Account that is built into Windows 10 by default.

The default account in Win 10 is limited Admin. Appears you are running instead under a standard user account? This is why you are getting the UAC alerts. Note that Microsoft has removed the full hidden Admin account from Home and I beleive Pro versions some time ago.

If you run as limited admin which BTW runs with standard user privileges and elevates to Admin status via UAC when required, this should eliminate these UAC alerts from Eset firewall in Interactive mode assuming UAC is set to default level. If UAC is set to max. level (recommended), the UAC alerts will continue.

Edited September 16, 2020 by itman

[cutting_edgetech 25]

6 hours ago, stackz said:

FWIW the only time in Interactive mode that I get a UAC prompt is when I'm saving a rule.

Something from Windows 10 or Microsoft Apps for Enterprise (Microsoft Office) is always requested outbound internet access. I have been creating rules since yesterday and i'm still being bombarded with Microsoft outbound request. I just had to respond to about 15 outbound request, one after the other after the desktop appeared. My computer would not boot the first 2 attempts, it stalled at the login screen, I waited for about 15 minutes, before trying to reboot each time. I believe all the outbound request from Windows before the desktop had a chance to load was causing Windows to freeze because the UAC prompt was unavailable for me to respond to yet.

[cutting_edgetech 25]

7 hours ago, itman said:

The default account in Win 10 is limited Admin. Appears you are running instead under a standard user account? This is why you are getting the UAC alerts. Note that Microsoft has removed the full hidden Admin account from Home and I beleive Pro versions some time ago.

If you run as limited admin which BTW runs with standard user privileges and elevates to Admin status via UAC when required, this should eliminate these UAC alerts from Eset firewall in Interactive mode assuming UAC is set to default level. If UAC is set to max. level (recommended), the UAC alerts will continue.

I created an Admin account when installing Windows. It's the only account that was created. I would have to check to see what Accounts Windows creates by default. I believe it still creates an Admin Account that can only be used by the OS. I had to take ownership of a registry key a couple of days ago, and I believe I remember seeing another Admin Account in there that had been created by the OS.

This is my first time using Windows in 2 years, so that's why I did not know Eset removed the option in the UI, "Require full administrator rights for limited administrator accounts". I had been using Eset since 2003 up until 2 years ago. I have only been using Linux for the last 2 years (Windows 10 broke compatibility with my MB firmware), but I have to use Windows 10 for some of my classes this semester due to some of the Enterprise Software I use. I will have to get reoriented with Windows since many OS changes have been made over the last 2 years. The last version of Windows 10 I used was Windows 10 Pro version 1709. That was the last version of Windows 10 that was compatible with my PC.

Edited September 16, 2020 by cutting_edgetech

[itman 1,659]

One solution here is to create a firewall rule to allow all outbound traffic. Set its logging severity level to Warning. Move the rule to the bottom of the existing rule set. This will create a Network protection log entry for every outbound request the rule is triggered for.

Create the rule just prior to shutting down the PC for the night. When you do a cold boot the next morning and the desktop appears and the system settles down, review the Network protection log for entries generated by the above rule. You can then create permanent firewall rules for the processes associated with these log entries as you see fit.

Note that monitoring all Win 10 outbound system and Store network activity is pretty an effort in futility.  System package and Store app directory and/or file names change with each app update.

 

Edited September 16, 2020 by itman

[cutting_edgetech 25]

Anyway, I still don't understand why Eset requires the user to elevate privileges to create a firewall rule when responding to firewall prompts. I don't believe disabling UAC is a good ideal, so that's not a good solution.  Maybe Eset can make a change in their design.

As  I stated above, it took me 3 attempts to get Windows to boot today. The only change I made to my system was changing Eset to Interactive Mode. I believe all the outbound request from Windows before the desktop had a chance to load was causing Windows to freeze because the UAC prompt was unavailable for me to respond to yet. As soon as the desktop successfully loaded on the 3rd attempt, I had to respond to about 15 UAC prompts one after the other since I had to create 15 outbound rules.

Edited September 16, 2020 by cutting_edgetech

[cutting_edgetech 25]

16 minutes ago, itman said:

One solution here is to create a firewall rule to allow all outbound traffic. Set its logging severity level to Warning. Move the rule to the bottom of the existing rule set. This will create a Network protection log entry for every outbound request the rule is triggered for.

Create the rule just prior to shutting down the PC for the night. When you do a cold boot the next morning and the desktop appears and the system settles down, review the Network protection log for entries generated by the above rule. You can then create permanent firewall rules for the processes associated with these log entries as you see fit.

Note that monitoring all Win 10 outbound system and Store network activity is pretty an effort in futility.  System package and Store app directory and/or file names change with each app update.

 

That's not really the solution I want, but I may try it if all else fails. Thanks! I have to do some Network, and Database work now for school.