Unless you write an installer with the right manifest don’t include Installer, Update, Upgrade, Setup,… in your EXE name
I’ve seen this question coming up a few times, and bumped into this at a client recently: the UAC dialog coming up when debugging a 32-bit executable.
This is caused (more details below) by Installer Detection Technology introduced in Windows Vista (with UAC) and tightened in more modern Windows versions.
The solution is to either:
- not include Installer, Patch, Update, Upgrade, Setup, … in your EXE name
- provide a correct manifest to your EXE (getting this right can be hard)
- don’t use x86 as platform target
For software you don’t have source code for, you can alter the manifest with a requestedExecutionLevel element: Fixing the way Vista Auto-detects Installers – Ben’s Writing.
A few links on Installer Detection Technology in Windows:
- Questions
- c# – Program Compatibility Assistant thinks my app is an installer – Stack Overflow.
- windows server 2003 – UAC thinks my Application is an installer Part 2 – Stack Overflow.
- delphi – How do I avoid UAC when my EXE file name contains the word “update”? – Stack Overflow.
- All the created “*update*.exe” files carry the shield overlay. But why? And where and how can I turn this off?.
- UAC, Shield Icons, and setup programs.
- Francisco Falcon on Twitter: “RE: Win asking for elevation when .exe filename includes substr “update”,it’s called “Installer Detection Technology” http://t.co/Rnxi9Drz37″.
- MSDN documentation
Then a quote assembled from the above MSDN documentation:
Windows Vista/7+ Installer Detection TechnologyImportant When developing new installation programs, much like developing programs for Windows Vista+, be sure to embed an application manifest with an appropriate requestedExecutionLevel element (see Step 6: Create and Embed an Application Manifest in downloadable Help file). When the requestedExecutionLevel is present in the embedded application manifest, it overrides Installer Detection. Windows heuristically detects
One of the design goals of UAC is to prevent installations from being run without the user’s knowledge and consent because installation programs write to protected areas of the file system and registry. Installer Detection only applies to:
Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:
Ensure that you thoroughly review the entirety of this document, including “Step 6: Create and Embed an Application Manifest” in the downloadable Help File. Note The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies. Note The User Account Control: Detect application installations and prompt for elevation policy setting must be enabled for installer detection to detect installation programs. This setting is enabled by default and can be configured locally by using the Local Security Policy snap-in (Secpol.msc) or configured for the domain, OU, or specific groups by Group Policy (Gpedit.msc).
For general information and an overview of the Windows Installer, see Windows Installer in the MSDN Library (http://go.microsoft.com/fwlink/?LinkId=120410). |
Note:
- Developer Best Practices and Guidelines for Applications in a Least Privileged Environment points to Windows Vista Application Development Requirements for User Account Control (UAC).
| Reference: | Unless you write an installer with the right manifest don’t include Installer, Update Upgrade Setup in your EXE name from our NCG partner Jeroen Pluimers at the The Wiert Corner blog. |
