Starting with Agent 188.8.131.52 CLSID UAC prompts are detected and handled by AutoElevate. In previous versions of the agent, if a UAC dialog (User Account Control) was generated which referenced the source as being a CLSID then the AutoElevate agent would simply ignore the request and allow the UAC to come up
What is a CLSID? – A CLSID is a com object reference. Some Windows UAC elevation requests reference a CLSID instead of a file.
Examples – A few Windows functions that require elevated privileges and reference a CLSID include - changing a network adapter setting, installing a font, or uninstalling certain types of applications.
How it Works Now - Starting with Agent 184.108.40.206 when a Windows UAC dialog box referencing a CLSID comes up AutoElevate will process it in a similar fashion to how it currently handles other file-based requests.
When a CLSID is detected, AutoElevate will read the CLSID title and description and follow the registry reference to its corresponding file (ie: .dll, .cpl, etc). A file hash will be generated and then checked against the VirusTotal database to positively identify the source. The normal privilege evaluation process is then followed.
If approved by the technician, the end-user will need to manually launch the function again themselves as AutoElevate is not able to do it automatically. They will be prompted with a new AutoElevate dialog asking them to re-launch the function.
Once re-launched the function will be elevated using the Admin Elevation method causing the UAC to be filled in with a local Admin credential.
Article is closed for comments.