I have three programs that startup automatically with Windows 7.
They are:
- Webroot SecureAnywhere
- Soluto Anti-Frustration Software
- everything.exe
Each of these programs bring up a blue UAC dialog everytime the machine starts.
(okay so everything.exe gives me a yellow one….)
In an effort to stop this I've begun reading about UAC. I've read about it:
"Only elevate executable files that are signed and validated –
Enabling this options will prevent any application that is not
digitally signed by a vendor inside the Trusted Publishers list on
your computer to run."
and it says that if I add the associated certificates to the "Trusted Publishers tree node of the certmgr I will be able to stop these blue UAC dialogs from prompting. However…I don't know where to find the certificate files for import.
While I'm pretty sure that everything.exe doesn't have a certificate, the other two programs come from reputable shops; though I can't find certificates on their websites, or any mention of where I can find them.
They're stored as *.cer
or *.crt
files I really don't know where they are
I'm not completely sure that the "Trusted Publishers tree node" fix is what I want. This problem is on my personal laptop.
Update
This question led me to another question about why the chain of trust is broken
Best Answer
Open the executable's properties and go to the
Digital Signatures
tab (If there is no Digital Signatures tab (which I bet everything.exe will not), then the program is not signed and you must sign it yourself with a self signed certificate. Search Stack Overflow for instructions on how to do that).From there click on
Details
to bring up theDigital Signature Details
window.From that window click
View Certificate
to bring up the certificate page.From there click
Install Certficate
, on the second page, when choosing the certificate store, change fromAutomatically select...
toPlace all certificates in the following store
. Then browse and choose theTrusted Publishers
store.NOTE: The above steps puts the certificate in the User's Trusted Publisher store. If you need the Machine's trusted publisher store you must export the certifacate by going to the
Details
tab of the certifacte's window and clicking Copy to FileThe default selections is fine for exporting. When you choose a name for your file, make sure you put the file extension on, it does not put it there by default.
Once you have the
.cer
file you can openMMC
from the run diaglog add the Certficates snap-in and set it to theComputer account
store.That should open a snap in module called
Certificates (local computer)
. From that screen right click onTrusted Publishers
, go toAll Tasks
, then click Import.From the new window that opens you can select the
.cer
file you exported from the earlier instructions and it should add it to the machine store.All screen shots where taken from a Windows-7 Enterprise edition, but it should be the same for all other editions.