The User Account Control: Only elevate UIAccess applications that are installed in secure locations setting should be configured correctly. This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - \\Program Files\\, including subfolders - \\Windows\\system32\\ - \\Program Files (x86)\\, including subfolders for 64-bit versions of Windows Note: Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting. The options are: * Enabled: (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity. * Disabled: An application runs with UIAccess integrity even if it does not reside in a secure location in the file system. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations (2) KEY: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths