UAC Notification Missing
Windows User Account Control (UAC) notification is a Windows security feature that notifies users and requires their consent or confirmation before certain system-level changes or application installations are allowed. UAC notification helps prevent unauthorized or potentially malicious actions that could compromise the integrity and security of the operating system. Without UAC notifications, malicious software can run silently in the background, making it harder for users to detect malware infections and increasing the likelihood of long-term compromise.
Coro enforces the UAC Notification Missing policy when Windows User Account Control settings are set to:
- Default
- Low
- Medium
Important: Windows UAC is considered vulnerable when set to Low or Medium.
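To see which notification level a Windows device is on, the following PowerShell is an added example, not Coro's code and not a description of how the Coro agent evaluates the policy. It reads the three registry values Windows uses for the UAC prompt and names the matching position of the Windows UAC settings slider. How those positions map to the Default, Low and Medium labels above is not stated on this page, so the function name `Get-UacLevel` and the level names it returns are assumptions of this example.

```powershell
# Added example (not Coro's code). Registry key and value names are Windows' own.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'

function Get-UacLevel {
    # Hypothetical helper: maps the three values to the Windows UAC slider position.
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)

    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    $dim = $PromptOnSecureDesktop -eq 1
    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify' }
        2 { if ($dim) { return 'Always notify' } }
        5 { if ($dim) { return 'Notify on app changes (Windows default)' }
            return 'Notify on app changes, desktop not dimmed' }
    }
    # Anything else was set by policy or by hand rather than with the slider.
    return "Custom (admin prompt = $ConsentPromptBehaviorAdmin, secure desktop = $PromptOnSecureDesktop)"
}

# Constructed sample values, so the mapping can be checked on any machine.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacLevel @s }

# Live values from this device. A missing value is reported, not guessed.
$p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$missing = @($names | Where-Object { $null -eq $p.$_ })
if ($missing.Count -gt 0) {
    Write-Warning "Cannot classify; value(s) not set: $($missing -join ', ')"
} else {
    $level = Get-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        UacLevel     = $level
        AlwaysNotify = ($level -eq 'Always notify')
    }
}
```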
Creating a new UAC Notification Missing policy
To create a new UAC Notification Missing policy:
- From the Device Posture tab, select + ADD.
- Select Add to Windows.
  The Add new device policy to Windows dialog appears.
  Note: The UAC Notification Missing device policy is currently supported for Windows devices.
- Select UAC Notification Missing from the Select policy type dropdown.
- Select the policy Action:
  - Review: No auto-remediation is performed and a ticket is raised and classified as requiring review. The ticket remains open until either the admin user closes it manually or the vulnerability is observed by the Coro endpoint agent as being resolved.
  - Enforce: Auto-remediation is performed, recorded in a ticket, and the ticket is auto-closed.
- Enter label names (predefined or custom) in the Labels field listed under Apply policy to devices with these labels to apply the new policy to specific groups of devices.
- Select SAVE.
The policy is created with the configured settings.
Note: When UAC Notification is missing on a Windows device, a UAC notification missing ticket type is created.
The policy can be viewed by selecting the dropdown next to UAC Notification Missing on the Device Posture tab. See Device posture configuration overview.
The following policy details are displayed:
- Device labels applicable to the policy.
- The action(s) applicable to the policy, for example, Enforce.