UAC Notification Missing
Windows UAC (User Account Control) notification is a security feature in Windows designed to improve security by notifying users and requiring their consent or confirmation before allowing certain system-level changes or application installations to occur. UAC notification helps prevent unauthorized or potentially malicious actions that could compromise the integrity and security of the operating system. Malicious software can run silently in the background without UAC notifications, making it harder for users to detect malware infections and increasing the likelihood of long-term compromise.
Coro enforces the UAC Notification Missing policy when Windows User Account Control settings are set to:
- Default
- Low
- Medium
Important: Windows UAC is considered vulnerable when set to Low or Medium.
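To check a single device by hand, the following added example (not Coro's code, and not a description of how the Coro endpoint agent detects the setting) reads the standard Windows UAC registry values and reports the matching UAC slider position. This page does not state how those positions correspond to Coro's Default, Low and Medium labels, so the output uses Windows' own slider names; the function name is hypothetical.

```powershell
# Added example: classify the local UAC notification level from the registry.
# EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are the
# standard Windows UAC policy values. Level names follow the Windows UAC
# slider, not Coro's labels (that mapping is not given on this page).
function Get-UacNotificationLevel {
    [CmdletBinding()]
    param(
        # Overridable so the same logic can be pointed at another key for testing.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )

    $p         = Get-ItemProperty -Path $Path -ErrorAction Stop
    $enableLua = $p.EnableLUA
    $consent   = $p.ConsentPromptBehaviorAdmin
    $secure    = $p.PromptOnSecureDesktop

    $level = if ($enableLua -eq 0) {
        'UAC disabled'                               # no elevation prompts at all
    } elseif ($consent -eq 0) {
        'Never notify'                               # admins elevate silently
    } elseif ($consent -eq 2 -and $secure -eq 1) {
        'Always notify'
    } elseif ($consent -eq 5 -and $secure -eq 1) {
        'Notify on app changes (Windows default)'
    } elseif ($consent -eq 5 -and $secure -eq 0) {
        'Notify on app changes, desktop not dimmed'
    } else {
        # Values 1, 3 and 4 are valid policy settings outside the slider,
        # and a missing value also lands here rather than being guessed.
        'Custom or incomplete configuration'
    }

    [pscustomobject]@{
        Level                      = $level
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
    }
}

Get-UacNotificationLevel | Format-List
```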
Creating a new UAC Notification Missing policy
To create a new UAC Notification Missing policy:
- From the Device Posture tab, select + ADD.
- Select Add to Windows.
  Coro displays the Add new device policy to Windows dialog.
  Note: The UAC Notification Missing device policy is currently supported for Windows devices.
- Select UAC Notification Missing from the Select policy type dropdown.
- Select the policy Action:
  - Review: No auto-remediation is performed and a ticket is raised and classified as requiring review. The ticket remains open until either the admin user closes it manually or the vulnerability is observed by the Coro endpoint agent as being resolved.
  - Enforce: Auto-remediation is performed, recorded in a ticket, and the ticket is auto-closed.
- Enter label names (predefined or custom) in the Labels field listed under Apply policy to devices with these labels to apply the new policy to specific groups of devices.
- Select SAVE.
  Coro creates the policy with the configured settings.
  Note: When UAC Notification is missing on a Windows device, a UAC notification missing ticket type is created.
Select the dropdown next to UAC Notification Missing on the Device Posture tab to view the policy. See Device posture configuration overview.
Coro displays the following policy details:
- Device labels applicable to the policy.
- The action(s) applicable to the policy, for example, Enforce.