Tackling Unknown Publisher Warning: Understanding and Resolving User Account Control Alerts

Written by Alex Marin · August 4th, 2023

Ever stumbled upon the message “Do you want to allow this app from an unknown publisher to make changes to your device”? You're not alone. This User Account Control (UAC) alert can be unclear, and potentially concerning for some users.

Let’s find out in this article why this message appears and how to handle it.

User Account Control (UAC) - What Is It?

UAC is a fundamental part of Microsoft's overall security plan. UAC is designed to minimize the impact of malware by requesting administrator access consent for certain apps. The exceptions are parent-child process relationships that already have an established trust.

When installing applications, UAC typically presents one of two scenarios:

1. The Publisher is Known: Do you want to allow this app to install software on your PC?

Do you want to allow this app to install software on your PC

This is the standard (and desired) UAC message most users receive when installing an application.

In this case, the Verified Publisher (as shown above is Caphyon SRL) denotes the application is trusted.

2. Publisher is Unknown: Do you want to allow this app from an unknown publisher to make changes to your PC?

Do you want to allow this app from an unknown publisher to make changes to your PC

This scenario might raise some eyebrows. The warning appears on a yellow background and denotes the publisher as unknown.

While this may look alarming, it doesn't prevent application installation. It's simply a prompt allowing users to make an informed decision.

Now that we are familiar with the User Account Control function, let’s shift gears to understand a key aspect that determines the type of UAC prompt users receive - Digital Signing.

Understanding Digital Signing

In earlier times, digital signatures had the reputation of being optional, typically used by large corporations.

Today, although it remains “optional” in theory, digital signing becomes more of a necessity.

Here is why:

- Smart App Control (SAC)

SAC blocks applications that could potentially harm your device. In some cases it stops installers that execute DLL/EXE/PowerShell files as Custom Actions.

Starting with version 19.7 of Advanced Installer, we sign all the binary DLLs included in the customer setup package with your certificate. However, you'll still need to sign the package to sign your custom actions.

NoteFor a comprehensive understanding of SAC, visit our article: Your app installation is 100% SAC compatible with Advanced Installer.

- MSIX Package Requirement

With MSIX, digital signing of your packages is mandatory. Without it, the MSIX package will not install. This sends a clear message to the industry about the importance of digital signatures.

In terms of digital signing, Advanced Installer offers a wide range of support, including:

  • Certificate Store
  • File from Disk
  • Azure Key Vault
  • Device Guard

NoteFor a closer look at digital signatures, check out our detailed guide: Create digital signatures using SHA-2 certificate.

Conclusion

While User Account Control alerts might seem intimidating at first, if you understand their function you can avoid confusion for your users. These prompts only mean to protect your system, not interfere with its operation.

As digital signing becomes essential in the tech industry, the tendency of encountering “Unknown Publisher” warnings is set to decrease. By making ourselves familiar with these processes, we pave the way for smoother, safer interactions with our devices.

Ready to streamline and secure your software deployment process? Advanced Installer offers comprehensive solutions for digital signing and beyond.

See Advanced Installer in action through its 30-day free trial.

Written by
See author's page
Alex Marin

Application Packaging and SCCM Deployments specialist, solutions finder, Technical Writer at Advanced Installer.

Comments: