Normally, when a program is run as UAC admin it is handled by start.exe, and the UAC popup shows that start.exe is requesting elevation. But when a program requiring elevation is forced to run sandboxed (e.g. when an installer is set as a forced program), the elevation isn't handled by start.exe and the UAC popup shows the program is requesting elevation. Is there any risk?
P.S. Why is UAC elevation handled by start.exe? Does it improve the security or compability?
Thanks!
Why isn't forced program elevation handled by Start.exe?
If Sandboxie allowed direct access to the elevation mechanism, it would start the elevated program outside the sandbox. Therefore Sandboxie intervenes in the elevation sequence to make sure the elevated program starts in the sandbox.
If elevation occurs before the program started, which is the scenario that you are describing, then it is outside the control of Sandboxie.
In any case there is no practical difference between the scenarios you mentioned, in both scenarios the elevated program has the same admin privileges and in both cases the elevated program runs in the sandbox.
If elevation occurs before the program started, which is the scenario that you are describing, then it is outside the control of Sandboxie.
In any case there is no practical difference between the scenarios you mentioned, in both scenarios the elevated program has the same admin privileges and in both cases the elevated program runs in the sandbox.
tzuk
Who is online
Users browsing this forum: No registered users and 1 guest
