title- How can I remove the Win7 message from an exe that has this message appear "Do you want to allow the following program from an unknown publisher to make changes on your computer"?
I receive a message rather like
When I try to run an EXE
The EXE is MFTRCRD64.exe
https://github.com/jschicht/MftRcrd
Click green "clone or download", then the blue "download zip"
I tried copying c:\windows\system32\calc.exe to c:\ab, and I tried copying that exe (MFTRCRD64.exe) to c:\ab. calc.exe (calc.exe of course by MS) has no issue. Any program I write and compile has no issue. But this program pops up a message. Loads of programs I get written by others don't pop up the message. For some reason this one pops up this message.
There are no streams attached to the EXE so I can't see what is causing it. I know Win XP used to pop some security thing up and you could delete a zone identifier stream associated with the file and it was fine. But this is different, it's the UAC giving the message (of course, Win7 has UAC, Win XP doesn't).
But for almost any executable I get from anywhere, I don't get this UAC message. But I do for this MFTRCRD64.EXE file. So it must be something about how the file was produced, and I wonder if I can change it.
```
C:\ab>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\ab
01/10/2016 12:31 AM <DIR> .
01/10/2016 12:31 AM <DIR> ..
14/07/2009 02:38 AM 918,528 calc.exe
15/09/2015 09:42 PM 1,099,499 MFTRCRD64.exe
2 File(s) 2,018,027 bytes
2 Dir(s) 7,114,272,768 bytes free
C:\ab>calc
C:\ab>MFTRCRD64.exe
C:\ab>streams MFTRCRD64.exe
Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com
C:\ab>
```
Rik makes an interesting remark, that it may be trying to write to somewhere that it isn't allowed to, where you have to be administrative. And indeed I don't get that box come up when in an administrative cmd prompt.
"your running into the "Installer Detection Technology" or IDT from the UAC. It tries to detect if it's dealing with an "installer" and if so, gives you that prompt. Here are two links you can read more about it and check the list for IDT-methods to see if you can solve it. http://answers.microsoft.com/en-us/windows/forum/windows_7-security/uac-message-do-you-want-to-allow-the-following/bea30ad8-9ef8-4897-aab4-841a65f7af71 and http://technet.microsoft.com/en-us/library/cc709628(v=ws.10).aspx "
The answers.microsoft.com link says "This occurs when unknown programs (unsigned) try write data to protected system folders or registry settings, and UAC is seeking your permission"
The technet link says:
- Filename includes keywords like "install," "setup," "update," etc.
- Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
- Keywords in the side-by-side manifest embedded in the executable.
- Keywords in specific StringTable entries linked in the executable.
- Key attributes in the RC data linked in the executable.
- Targeted sequences of bytes within the executable.
I have included some output from Process Monitor (I understand that has replaced regmon), though I've no idea what registry areas or folder areas it is accessing that might trigger that (if it even would).
http://pastebin.com/raw/A5XC6pEk
I tried writing a C# program to write to an area where you have to be administrative (making a file c:\program files\abc.aaa), http://pastebin.com/raw/4K28DvzK, but I notice that didn't trigger a UAC, that just made an unauthorizedaccess exception.
I also just tried running a 32-bit exe that had setup in the filename, and it didn't trigger it.
```
C:\crp3>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp3
02/10/2016 01:31 PM <DIR> .
02/10/2016 01:31 PM <DIR> ..
22/02/2014 08:21 PM 12,689,608 a_setup_.exe
15/09/2015 09:42 PM 1,099,499 MFTRCRD64.exe
25/07/2015 01:03 AM 73,216 w.exe
3 File(s) 13,862,323 bytes
2 Dir(s) 7,455,793,152 bytes free
C:\crp3>file a_setup_.exe
a_setup_.exe; PE32 executable for MS Windows (GUI) Intel 80386 32-bit
C:\crp3>a_setup_.exe
C:\crp3> :: didn't trigger it
C:\crp3>
```
further addition
I accept the answer from Rik and the great contributions from Dan that came in the discussion.
I would note though that when I remove that RequireAdmin line from the top, I get no response in the non-administrative or administrative cmd prompt.
But it's not important. Both rik and dan got the same error response.
```
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\harvey>cd \crp4
C:\crp4>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4
02/10/2016 03:51 PM <DIR> .
02/10/2016 03:51 PM <DIR> ..
02/10/2016 03:15 PM 1,517 changelog.txt
02/10/2016 03:15 PM 1,114 LICENSE.md
02/10/2016 03:15 PM 163,548 MFTRCRD.au3
02/10/2016 03:51 PM 1,222,656 mftrcrd.exe
02/10/2016 03:15 PM 755,712 mftrcrd2.exe
02/10/2016 03:15 PM 792,064 MFTRCRD64.exe
02/10/2016 03:16 PM 1,222,656 MFTRCRDNEW.exe
02/10/2016 03:15 PM 755,712 MFTRCRD_old.exe
02/10/2016 03:47 PM 1,222,656 MFTRCRD_sci.exe
02/10/2016 03:15 PM 0 readme.txt
10 File(s) 6,137,635 bytes
2 Dir(s) 7,346,610,176 bytes free
C:\crp4>mftrcrd.exe
C:\crp4>mftrcrd64.exe
C:\crp4>notepad.exe MFTRCRD.au3
C:\crp4>MFTRCRD C?0x100000 -d indxdump=off 4096 -s
C:\crp4>
C:\crp4>MFTRCRD C?0x100000 -d indxdump=off 4096 -s
C:\crp4>MFTRCRD C?0x100000 -d indxdump=off 4096 -s
C:\crp4>MFTRCRD C?0x100000 -d indxdump=off 4096 -s
C:\crp4>file mftrcrd.exe
mftrcrd.exe; PE32 executable for MS Windows (GUI) Intel 80386 32-bit
C:\crp4>MFTRCRD C?0x100000 -d indxdump=off 4096 -s
C:\crp4>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4
02/10/2016 03:51 PM <DIR> .
02/10/2016 03:51 PM <DIR> ..
02/10/2016 03:15 PM 1,517 changelog.txt
02/10/2016 03:15 PM 1,114 LICENSE.md
02/10/2016 03:15 PM 163,548 MFTRCRD.au3
02/10/2016 03:51 PM 1,222,656 mftrcrd.exe
02/10/2016 03:15 PM 755,712 mftrcrd2.exe
02/10/2016 03:15 PM 792,064 MFTRCRD64.exe
02/10/2016 03:16 PM 1,222,656 MFTRCRDNEW.exe
02/10/2016 03:15 PM 755,712 MFTRCRD_old.exe
02/10/2016 03:47 PM 1,222,656 MFTRCRD_sci.exe
02/10/2016 03:15 PM 0 readme.txt
10 File(s) 6,137,635 bytes
2 Dir(s) 7,348,428,800 bytes free
C:\crp4>MFTRCRD_sci C?0x100000 -d indxdump=off 4096 -s
C:\crp4>mftr_old.exe C?0x100000 -d indxdump=off 4096 -s
'mftr_old.exe' is not recognized as an internal or external command,
operable program or batch file.
C:\crp4>mftrcrd_old.exe C?0x100000 -d indxdump=off 4096 -s
C:\crp4>md a
C:\crp4>copy mftrcrd.exe
The file cannot be copied onto itself.
0 file(s) copied.
C:\crp4>copy mftrcrd.exe a
1 file(s) copied.
C:\crp4>cd a
C:\crp4\a>del mftrcrd.exe
C:\crp4\a>cd ..
C:\crp4>cd a
C:\crp4\a>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a
02/10/2016 04:37 PM <DIR> .
02/10/2016 04:37 PM <DIR> ..
02/10/2016 04:37 PM <DIR> MftRcrd-master
0 File(s) 0 bytes
3 Dir(s) 7,346,700,288 bytes free
C:\crp4\a>cd MftRcrd-master
C:\crp4\a\MftRcrd-master>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a\MftRcrd-master
02/10/2016 04:37 PM <DIR> .
02/10/2016 04:37 PM <DIR> ..
02/10/2016 04:37 PM 1,517 changelog.txt
02/10/2016 04:37 PM 1,114 LICENSE.md
02/10/2016 04:37 PM 163,563 MFTRCRD.au3
02/10/2016 04:37 PM 755,712 MFTRCRD.exe
02/10/2016 04:37 PM 792,064 MFTRCRD64.exe
02/10/2016 04:37 PM 0 readme.txt
6 File(s) 1,713,970 bytes
2 Dir(s) 7,346,700,288 bytes free
C:\crp4\a\MftRcrd-master>move * ..\
C:\crp4\a\MftRcrd-master\changelog.txt
C:\crp4\a\MftRcrd-master\LICENSE.md
C:\crp4\a\MftRcrd-master\MFTRCRD.au3
C:\crp4\a\MftRcrd-master\MFTRCRD.exe
C:\crp4\a\MftRcrd-master\MFTRCRD64.exe
C:\crp4\a\MftRcrd-master\readme.txt
6 file(s) moved.
C:\crp4\a\MftRcrd-master>cd ..
C:\crp4\a>rmdir /s MftRcrd-master
MftRcrd-master, Are you sure (Y/N)? y
C:\crp4\a>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a
02/10/2016 04:37 PM <DIR> .
02/10/2016 04:37 PM <DIR> ..
02/10/2016 04:37 PM 1,517 changelog.txt
02/10/2016 04:37 PM 1,114 LICENSE.md
02/10/2016 04:37 PM 163,563 MFTRCRD.au3
02/10/2016 04:37 PM 755,712 MFTRCRD.exe
02/10/2016 04:37 PM 792,064 MFTRCRD64.exe
02/10/2016 04:37 PM 0 readme.txt
6 File(s) 1,713,970 bytes
2 Dir(s) 7,346,503,680 bytes free
C:\crp4\a>MFTRCRD.exe
C:\crp4\a>copy MFTRCRD.exe mftrcrd_original.exe
1 file(s) copied.
C:\crp4\a>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a
02/10/2016 04:38 PM <DIR> .
02/10/2016 04:38 PM <DIR> ..
02/10/2016 04:37 PM 1,517 changelog.txt
02/10/2016 04:37 PM 1,114 LICENSE.md
02/10/2016 04:37 PM 163,563 MFTRCRD.au3
02/10/2016 04:37 PM 755,712 MFTRCRD.exe
02/10/2016 04:37 PM 792,064 MFTRCRD64.exe
02/10/2016 04:37 PM 755,712 mftrcrd_original.exe
02/10/2016 04:37 PM 0 readme.txt
7 File(s) 2,469,682 bytes
2 Dir(s) 7,345,741,824 bytes free
C:\crp4\a>"\Program Files (x86)\AutoIt3\SciTE\SciTE.exe"
C:\crp4\a>del mftrcrd.exe
C:\crp4\a>dir mftrcrd.exe
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a
File Not Found
C:\crp4\a>:: opened mftrcrd.au3, done tools..compile
C:\crp4\a>
C:\crp4\a>dir
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a
02/10/2016 04:40 PM <DIR> .
02/10/2016 04:40 PM <DIR> ..
02/10/2016 04:37 PM 1,517 changelog.txt
02/10/2016 04:37 PM 1,114 LICENSE.md
02/10/2016 04:37 PM 163,563 MFTRCRD.au3
02/10/2016 04:40 PM 1,222,656 MFTRCRD.exe
02/10/2016 04:37 PM 792,064 MFTRCRD64.exe
02/10/2016 04:37 PM 755,712 mftrcrd_original.exe
02/10/2016 04:37 PM 0 readme.txt
7 File(s) 2,936,626 bytes
2 Dir(s) 7,345,045,504 bytes free
C:\crp4\a>>MFTRCRD C?0x100000 -d indxdump=off 4096 -s
'C?0x100000' is not recognized as an internal or external command,
operable program or batch file.
C:\crp4\a>MFTRCRD C?0x100000 -d indxdump=off 4096 -s
Access is denied.
C:\crp4\a>head -n 1 mftrcrd.au3
#RequireAdmin
C:\crp4\a>notepad.exe MFTRCRD.au3
C:\crp4\a>:: removed that line
C:\crp4\a>del mftrcrd.exe
C:\crp4\a>dir mftrcrd.exe
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a
02/10/2016 04:40 PM 1,222,656 MFTRCRD.exe
1 File(s) 1,222,656 bytes
0 Dir(s) 7,345,041,408 bytes free
C:\crp4\a>del mftrcrd.exe
C:\crp4\a\MFTRCRD.exe
Access is denied.
C:\crp4\a>dir mftrcrd.exe
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a
File Not Found
C:\crp4\a>:: tools..compile
C:\crp4\a>dir mftrcrd.exe
Volume in drive C has no label.
Volume Serial Number is B411-D580
Directory of C:\crp4\a
02/10/2016 04:43 PM 1,222,656 MFTRCRD.exe
1 File(s) 1,222,656 bytes
0 Dir(s) 7,345,041,408 bytes free
C:\crp4\a>MFTRCRD C?0x100000 -d indxdump=off 4096 -s
C:\crp4\a>
```
added-
removing that #RequireAdmin line and doing `"C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe" /in MFTRCRD.au3 /console` both as Rik suggested, and I reproduce what Rik gets.
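
A triage sketch for the two causes discussed in this thread, the `#RequireAdmin` line and Installer Detection. This is an added example, not code from the post or from the MftRcrd project, and it checks only the filename heuristic from the TechNet list. It assumes that `#RequireAdmin` is compiled into an embedded manifest carrying `requestedExecutionLevel level="requireAdministrator"`, that the manifest is stored as uncompressed ASCII/UTF-8 text, and that Installer Detection considers only 32-bit images without a `requestedExecutionLevel`; `pe_machine`, `uac_triage`, `fake_pe` and the sample bytes are hypothetical names and constructed data.

```python
import re

# Filename keywords quoted on this page from the TechNet Installer Detection list.
INSTALLER_KEYWORDS = ("install", "setup", "update")
# Assumption: the manifest sits in the file as uncompressed ASCII/UTF-8 XML.
LEVEL_RE = re.compile(
    rb"<(?:\w+:)?requestedExecutionLevel\b[^>]*?\blevel\s*=\s*[\"'](\w+)[\"']",
    re.IGNORECASE)


def pe_machine(data):
    """Return 'x86', 'x64' or 'other' for a PE image, None for anything else."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = int.from_bytes(data[0x3C:0x40], "little")  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine = int.from_bytes(data[pe_off + 4:pe_off + 6], "little")
    return {0x014C: "x86", 0x8664: "x64"}.get(machine, "other")


def uac_triage(filename, data):
    """Report which of the two causes discussed above applies to one file."""
    machine = pe_machine(data)
    if machine is None:
        raise ValueError("not a PE image")
    match = LEVEL_RE.search(data)
    level = match.group(1).decode("ascii") if match else None
    hits = [k for k in INSTALLER_KEYWORDS if k in filename.lower()]
    # Installer Detection: 32-bit images with no requestedExecutionLevel only.
    idt_applies = machine == "x86" and level is None
    if level is not None and level.lower() == "requireadministrator":
        reason = "manifest requests requireAdministrator"
    elif idt_applies and hits:
        reason = "installer detection: filename keyword"
    else:
        reason = "no trigger found by these two checks"
    return {"machine": machine, "level": level, "keywords": hits, "reason": reason}


def fake_pe(machine, manifest=b""):
    """Constructed sample: a minimal PE header followed by optional manifest text."""
    dos = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little")
    return dos + b"PE\0\0" + machine.to_bytes(2, "little") + b"\0" * 18 + manifest


if __name__ == "__main__":
    lvl = b'<requestedExecutionLevel level="%s" uiAccess="false"/>'
    for name, blob in [("MFTRCRD.exe", fake_pe(0x014C, lvl % b"requireAdministrator")),
                       ("a_setup_.exe", fake_pe(0x014C, lvl % b"asInvoker")),
                       ("a_setup_.exe", fake_pe(0x014C))]:
        print(name, uac_triage(name, blob))
```

To check a real file, pass the bytes from `open(path, "rb").read()` as `data`; other manifest levels such as `highestAvailable` are reported in `level` but not classified by this sketch.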