G
Guest
How in the world do you TURN OFF this annoying Defender's messaging saying
that it has blocked start up programs etc . . .
thanks to fellow Vista users
that it has blocked start up programs etc . . .
thanks to fellow Vista users
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Guest
Well, I have spent many days on researching this problem and I have the answer.
First of all, it is NOT Windows Defender; it is built into the UAC. Part of
the Best Practices programming interface is for there be a manifest file
(either embedded into the program or else as a text file in the same
directory as the program). Among many things that this manifest file does
(if it is external it has a suffix of .manifest) is indicate the security
level required. It can be Administrator, highestavailable, or asinvoker. If
you have signed in as an administrator, then this program will be
automatically blocked. You can then right click, run the program, and then
you will get the allow/cancel prompt. I have been advised by a
programmer/analyst that this procedure is to avoid confusion about where the
allow/cancel prompt is coming from. If you booted without that dual
indication, you might not know whether it was a legitimate program or not.
Makes sense in hindsight.
You can always turn off the UAC, but that is definitely NOT advisable under
Microsoft's security protocol.
However, it is a pain because of the double prompts. There is an easy
solution. If you know that a program requiring administrative permissions is
being run at startup,. the first thing to do is to determine from where it is
running. If from the run in the registry, then remove it from the registry
and create a .bat file (remember those?) that runs the program and then place
it in the Startup folder. Similarly, if it is run from the Startup folder,
merely create the same .bat file and run it from within that bat file. Since
the. bat file does NOT require administrative privileges, it will run with
only on the allow/cancel prompt. To me that is an adequate solution.
If there is a .manifest text file in the same directory as the startup
program, just changing the privileges to "asInvoker" will also solve the
problem. There is a danger in this however. If that program calls other
programs that require administrative privileges, then you run the risk of
compromising your computer's security. You need to understand what the
bootup program is doin. If it is overclk.exe, for example, a part of the
ASUS capability of overclocking the BIOS from within Windows and this is your
personal computer, no problem. Other programs, however, are more complex and
so you need to be careful and research thoroughly.
Finally, I believe this process to be a hole in Microsoft's security. What
is to prevent a malicious script from inserting a .bat file into the startup
folder and running some program that a novice user is simply going to say
"allow" to? This is the first time I have seen this question raised and I
believe it to be worthy of Microsoft's attention.
I hope this detailed response has helped you. Credit goes to the technical
team at Winbatch (www.winbatch.com) for suggesting the solution to my
problem. For further information about .manifest files. please go to:
http://msdn2.microsoft.com/en-us/library/aa480150.aspx
Good luck.
Albert
First of all, it is NOT Windows Defender; it is built into the UAC. Part of
the Best Practices programming interface is for there be a manifest file
(either embedded into the program or else as a text file in the same
directory as the program). Among many things that this manifest file does
(if it is external it has a suffix of .manifest) is indicate the security
level required. It can be Administrator, highestavailable, or asinvoker. If
you have signed in as an administrator, then this program will be
automatically blocked. You can then right click, run the program, and then
you will get the allow/cancel prompt. I have been advised by a
programmer/analyst that this procedure is to avoid confusion about where the
allow/cancel prompt is coming from. If you booted without that dual
indication, you might not know whether it was a legitimate program or not.
Makes sense in hindsight.
You can always turn off the UAC, but that is definitely NOT advisable under
Microsoft's security protocol.
However, it is a pain because of the double prompts. There is an easy
solution. If you know that a program requiring administrative permissions is
being run at startup,. the first thing to do is to determine from where it is
running. If from the run in the registry, then remove it from the registry
and create a .bat file (remember those?) that runs the program and then place
it in the Startup folder. Similarly, if it is run from the Startup folder,
merely create the same .bat file and run it from within that bat file. Since
the. bat file does NOT require administrative privileges, it will run with
only on the allow/cancel prompt. To me that is an adequate solution.
If there is a .manifest text file in the same directory as the startup
program, just changing the privileges to "asInvoker" will also solve the
problem. There is a danger in this however. If that program calls other
programs that require administrative privileges, then you run the risk of
compromising your computer's security. You need to understand what the
bootup program is doin. If it is overclk.exe, for example, a part of the
ASUS capability of overclocking the BIOS from within Windows and this is your
personal computer, no problem. Other programs, however, are more complex and
so you need to be careful and research thoroughly.
Finally, I believe this process to be a hole in Microsoft's security. What
is to prevent a malicious script from inserting a .bat file into the startup
folder and running some program that a novice user is simply going to say
"allow" to? This is the first time I have seen this question raised and I
believe it to be worthy of Microsoft's attention.
I hope this detailed response has helped you. Credit goes to the technical
team at Winbatch (www.winbatch.com) for suggesting the solution to my
problem. For further information about .manifest files. please go to:
http://msdn2.microsoft.com/en-us/library/aa480150.aspx
Good luck.
Albert
C
cquirke (MVP Windows shell/user)
On Tue, 20 Mar 2007 02:12:00 -0700, Dino+
Er... what programs, "etc." are these?
Maybe there's a reason why they're disabled?
Or were these explicitly disabled in MSConfig?
The last is a different question...
Be easier to use!
How in the world do you TURN OFF this annoying Defender's messaging saying
that it has blocked start up programs etc . . .
Er... what programs, "etc." are these?
Maybe there's a reason why they're disabled?
Or were these explicitly disabled in MSConfig?
The last is a different question...
Saws are too hard to use.--------------- ---- --- -- - - - -
Be easier to use!
G
Guest
When you get the message that the program has been blocked, right click on
the icon in the system tray. You will see a line which say run blocked
program. Click on it and you will find the program name. If you do not know
the program, search for it using the search capabilities within Vista.
Perhaps you will find the program you want (or do not want run).
With regard to msconfig, when you disable some programs, then you also get
this message I think. It would be best under those circumstances to remove
the program altogether from the control panel.
If you still need help, just reply to this post in some detail about what
you need and PERHAPS I will know the answer. Vista is complex and I am still
learning it.
the icon in the system tray. You will see a line which say run blocked
program. Click on it and you will find the program name. If you do not know
the program, search for it using the search capabilities within Vista.
Perhaps you will find the program you want (or do not want run).
With regard to msconfig, when you disable some programs, then you also get
this message I think. It would be best under those circumstances to remove
the program altogether from the control panel.
If you still need help, just reply to this post in some detail about what
you need and PERHAPS I will know the answer. Vista is complex and I am still
learning it.
J
john
AlKolkin said:When you get the message that the program has been blocked, right click on
the icon in the system tray. You will see a line which say run blocked
program. Click on it and you will find the program name. If you do not
know
the program, search for it using the search capabilities within Vista.
Perhaps you will find the program you want (or do not want run).
With regard to msconfig, when you disable some programs, then you also get
this message I think. It would be best under those circumstances to
remove
the program altogether from the control panel.
If you still need help, just reply to this post in some detail about what
you need and PERHAPS I will know the answer. Vista is complex and I am
still
learning it.
I've had the same problem with Defender. In my case, it always, upon
startup, gave me a popup to allow Adobe Update Mgr to access the internet.
Adobe was checked in the startup tab in msconfig and when I checked the
Defender list it was permitted. This popup happened repeatedly and
repeatedly I gave permission for Adobe to access the internet. I finally
threw up my hands and disabled Defender from starting up at boot time. I
don't know why you should get this popup for a program that you've allowed
in the past. It's my contention, that once I've allowed a process access to
the internet, that's it, case closed, and if Defender doesn't get that then
goodbye Defender. I believe this is a bug that needs to be fixed.
Furthermore, I believe, that Microsoft's UAC and entire security model is
convoluted and tedious. I'm hoping that after enough user complaimts
they'll rethink this and make the required adjustments. Security should be
transparent to the end user not a security prompt popup pogostick.
john
M
Mike T
Run MSCONFIG and on the BOOT tab select the box that says make all boot
options permanent and the message will go away
options permanent and the message will go away
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.