Unless you write an installer with the right manifest don’t include Installer, Update, Upgrade, Setup,… in your EXE name

I’ve seen this question coming up a few times, and bumped into this at a client recently: the UAC dialog coming up when debugging a 32-bit executable.

This is caused (more details below) by Installer Detection Technology introduced in Windows Vista (with UAC) and tightened in more modern Windows versions.




The solution is to either:

  • not include Installer, Patch, Update, Upgrade, Setup, … in your EXE name
  • provide a correct manifest to your EXE (getting this right can be hard)
  • don’t use x86 as platform target

For software you don’t have source code for, you can alter the manifest with a requestedExecutionLevel elementFixing the way Vista Auto-detects Installers – Ben’s Writing.

A few links on Installer Detection Technology in Windows:

Then a quote assembled from the above MSDN documentation:

Windows Vista/7+ Installer Detection Technology


When developing new installation programs, much like developing programs for Windows Vista+, be sure to embed an application manifest with an appropriate requestedExecutionLevel element (see Step 6: Create and Embed an Application Manifest in downloadable Help file). When the requestedExecutionLevel is present in the embedded application manifest, it overrides Installer Detection.

Windows heuristically detects

  • installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. […]
  • updates and programs that uninstall applications.

One of the design goals of UAC is to prevent installations from being run without the user’s knowledge and consent because installation programs write to protected areas of the file system and registry.

Installer Detection only applies to:

  1. 32 bit executables
  2. Applications without a requested execution level attribute: requestedExecutionLevel
  3. Interactive processes running as a Standard User with UAC enabled

Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:

  • The file name includes keywords such as “install,” “setup,” or “update.”
  • Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
  • Keywords in the side-by-side manifest are embedded in the executable file.
  • Keywords in specific StringTable entries linked in the executable file.
  • Key attributes in the resource script data are linked in the executable file.
  • There are targeted sequences of bytes within the executable file.

Ensure that you thoroughly review the entirety of this document, including “Step 6: Create and Embed an Application Manifest” in the downloadable Help File.


The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.


The User Account Control: Detect application installations and prompt for elevation policy setting must be enabled for installer detection to detect installation programs. This setting is enabled by default and can be configured locally by using the Local Security Policy snap-in (Secpol.msc) or configured for the domain, OU, or specific groups by Group Policy (Gpedit.msc).


For general information and an overview of the Windows Installer, see Windows Installer in the MSDN Library (


Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Back to top button