UAC Notification Missing

Windows UAC (User Account Control) notification is a security feature in Windows designed to improve security by notifying users and requiring their consent or confirmation before allowing certain system-level changes or application installations to occur. UAC notification helps prevent unauthorized or potentially malicious actions that could compromise the integrity and security of the operating system. Malicious software can run silently in the background without UAC notifications, making it harder for users to detect malware infections and increasing the likelihood of long-term compromise.

Coro enforces the UAC Notification Missing policy when Windows User Account Control settings are set to:

  • Default
  • Low
  • Medium

UAC Settings

Important

Windows UAC is considered vulnerable when set to Low or Medium.

Creating a new UAC Notification Missing policy

To create a new UAC Notification Missing policy:

  1. From the Device Posture tab, select + ADD :

    Add new device posture policy

  2. Select Add to Windows .

    The Add new device policy to Windows dialog appears.

    note

    The UAC Notification Missing device policy is currently supported for Windows devices.

  3. Select UAC Notification Missing from the Select policy type dropdown.

    Add new UAC Notification Missing policy

  4. Select the policy Action :
    • Review : No auto-remediation is performed and a ticket is raised and classified as requiring review. The ticket remains open until either the admin user closes it manually or the vulnerability is observed by the Coro endpoint agent as being resolved.
    • Enforce : Auto-remediation is performed, recorded in a ticket, and the ticket is auto-closed.
  5. Enter label names (predefined or custom) to the Labels field listed under Apply policy to devices with these labels to apply the new policy to specific groups of devices.

    Apply device policy labels

  6. Select SAVE .

    The policy is created with the configured settings.

    note

    When UAC Notification is missing on a Windows device, a UAC notification missing ticket type is created.

The policy can be viewed by selecting the dropdown next to UAC Notification Missing on the Device Posture tab. See Device posture configuration overview.

The following policy details are displayed:

  • Device labels applicable to the policy.
  • The action(s) applicable to the policy, for example, Enforce .

    View UAC Notification Missing policy