Showing results for 
Search instead for 
Did you mean: 
Level 7

Are applications dynamically whitelisted by admin when UAC enabled?

we are experiencing some strange behavior with solidcore version 7.

We have windows 2012 with UAC enabled. logged on with an admin account, when create and save a dummy powershell script or copy a executable on to the drive, windows will pop up something like 'you need administrator permission'. I click on ok, then all this files are dynamically added to the whitelist (checked using sadmin ls) and they are able to be executed without any problem.

I also RUN AS ADMINISTRATOR on powershell command prompt, I can  run whatever I like from there. without 'run as administrator' I will get execution denied on non-whitelisted scripts or executable as usual.

After I disable UAC, I cannot run any non-whitelisted scripts or executable with or without 'run as administrator'

I dont have any trusted user in my policy so wondering is this normal, does solidcore have some default rule behind it or UAC come on top of solidcore?


0 Kudos