Why is .NET 5.0.14 asking for administrative rights?

Topic

New Reply

A few days after putting on the March updates at the end of last month, I have gotten a mysterious administrative popup (see the attached screen shot) once or twice on some of my networked Windows 10 computers. Since it wasn’t coming from anything obvious that I had initiated, I’ve denied permission each time, with no obvious ill effect. Nothing is generated in the system logs to indicated anything going on during those times (e.g., none of Microsoft’s stealth store app updates). As far as I can determine, 4.8 is the highest version of .NET on these computers, and this initiation is coming from something in the local temp file of the nonadministrative account I normally use.

Is this coming from something nefarious attempting some action on these computers or possibly some poorly configured but harmless Microsoft routine poking around? Anyone more knowledgeable about the details given in the popup please comment. The system details are:

Device name ES-1
Processor Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz 3.20 GHz
Installed RAM 16.0 GB
Device ID 1B2BA8F3-E28D-4B47-AE81-BAF9D9AAFF05
Product ID 00330-80000-00000-AA412
System type 64-bit operating system, x64-based processor
Pen and touch No pen or touch input is available for this display

Edition Windows 10 Pro
Version 21H2
Installed on ‎12/‎26/‎2020
OS build 19044.1586
Experience Windows Feature Experience Pack 120.2212.4170.0

 

Reply | Quote

Replies

Do you have controlled folders enabled?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

No, I don’t. All these computes have McAfee LiveSafe running along with Malwarebytes, so I don’t believe most of the Windows Defender options like that are even available.

Reply | Quote

As the pop-up shows the app is from Microsoft and the digital signature is OK.
It is safe to allow the app to make changes.

cheers, Paul

Reply | Quote

Like many in this forum, I’m more than a bit cautious about allowing Microsoft to make changes to my system for no obvious reason, so I’ll agree the request likely isn’t malware, but I’m still lacking any incentive to allow it, especially when it doesn’t appear to be synchronized with an update that I’ve permitted. I’d like to know what it’s going to do for my system; I’m sure it probably does something for Microsoft, which is not necessarily something I want to facilitate.

Reply | Quote

I would run procmon and see what other application is running at the same time. My guess is that there is something locked down/permission-ish that is not quite right and is triggering that notification.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Microsoft’s Process Explorer can help you determine which process started the .Net 5.0.14 Runtime executable.  If there is no parent process in the process tree then it is possible that it has already exited.  In that case Process Explorer will identify it as a non-existent process in the properties for the running child process.

Reply | Quote

 

Thanks! Will try these suggestions the next time it shows up.

Reply | Quote

Neither of the process tools could give a clue what was initiating the permission task, so I finally tried letting it go ahead on the least essential of my machines. The notion that something was misconfigured seems to have been correct-some of the Dell support routines started eating the clock after the install finished, suggesting that one of them had initiated the installation. Based on much experience with various Dell support routines and the error entries in the event log, being misconfigured seems to be almost the norm, but since there are usually alternate ways of achieving an end, I usually just leave them to stumble around.

Thanks for all the suggestions and insights!

Reply | Quote

ENShearin wrote:

… The notion that something was misconfigured seems to have been correct-some of the Dell support routines started eating the clock after the install finished, suggesting that one of them had initiated the installation…

Hi ENShearin:

You might want to read heu03″s 17-Apr-2022 Cannot Install SupportAssist in the Dell SupportAssist for PCS board. The SupportAssist installer would always report “Installation failed. We were unable to complete the installation. Please reboot your PC and try again” on their Latitude 5590 / Win 10 Enterprise v21H2 (OS Build 19044.1645) laptop and the installation log noted the following: “ERROR – Dell.SupportAssist.Client.SupportAssistInstaller.MainWindow – Unexpeceted Error Occured during Asp Or Dot Net Core Installation“. Hue03 uninstalled the Microsoft .NET Runtime v5.0.16 (x64) from Control Panel | Programs | Programs and Features and was finally able to install SupportAssist.

Hue03 hasn’t confirmed if their SupportAssist v3.10.4 is running correctly without that .NET Core runtime (e.g., if hardware diagnostic and software/driver update checks run as expected) but SupportAssist v3.10.4 was running correctly on my Insipron 5584 / Win 10 Pro machine long before before Windows Update installed the Microsoft .NET Runtime v5.0.16 (x64) (KB5013354) during my April 2022 Patch Tuesday updates. I don’t know why that Microsoft .NET Runtime v5.0.16 (x64) caused an issue on hue03’s Dell laptop unless it’s something specific to their Latitude computer model and/or Enterprise edition of Win 10.
———
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1645 * Firefox v99.0.1 * Microsoft Defender v4.18.2203.5-1.1.19100.5 * Malwarebytes Premium v4.5.8.191-1.0.1666

Reply | Quote

Thanks, I’ll keep that in mind when I next run Support Assistant. It has its quirks, but it has been working OK throughout the lifetime of these machines, so it it stops, voila.

Reply | Quote

Did you ever figure out what was causing the UAC prompt for .NET?  I am also having that issue, and am wondering what (if anything) can be done to fix this?

Reply | Quote

Do you know what applications are using that .net?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Unfortunately, I have no idea which applications require that version of .NET.

The problem started about 2 weeks ago.  The UAC prompt pops up every couple of days.

Could this be the result of some scheduled app?  If so, is there an easy way to determine which app was scheduled to run at the time the prompt popped up?  (Since I have been selecting “No” to the UAC prompt, I assume that whatever app is raising the prompt is terminated when I hit Enter.)

Note, the prompt has never popped up in response to any app that I initiate manually, which is why I suspect that some scheduled app may be responsible.

Reply | Quote

I have identified the application which is raising the UAC prompt.

I ran command tasklist /m "mscor*"

Then I checked Task Scheduler for the listed tasks.

One of these (Dell SupportAssistAgent AutoUpdate) raised the prompt when I issued a manual Run request.

The status of the previous run shows that the task completed successfully.

Does that imply that the .NET Runtime 5.0.14 is not really needed?  If so, is there a way to prevent the prompt from continuing to occur each time the task runs per its schedule time?

1 user thanked author for this post.

lmacri

Reply | Quote

Bruce wrote:

The status of the previous run shows that the task completed successfully. Does that imply that the .NET Runtime 5.0.14 is not really needed?

It may be that the return codes of the update program don’t adequately reflect the status of the update.

You could live dangerously and uninstall NET5 runtime to see what, if anything, complains.

cheers, Paul

Reply | Quote

Paul, thanks for your response.

As far as I can tell, .NET 5 is not currently installed.

Based upon the content of C:\Windows\Microsoft.NET\Framework, the highest installed version is 4.0.30319.

I have not noticed an error from any application which would imply that .NET 5 is a requirement.

The only indication that .NET 5 may be needed is the UAC prompt for admin credentials in order to allow installation of the runtime whenever Dell SupportAssistAgent AutoUpdate is activated.

So, assuming that .NET 5 is actually not required, I guess the only thing I can do is to keep dismissing the UAC prompt whenever it pops up as a consequent of the scheduled Dell app?

Reply | Quote

Bruce wrote:

As far as I can tell, .NET 5 is not currently installed. Based upon the content of C:WindowsMicrosoft.NETFramework, the highest installed version is 4.0.30319.

Hi Bruce:

The 64-bit .NET 5.x Runtime (unlike the “classic” .NET Frameworks) is listed on my Win 10 Pro v21H2 machine at Control Panel | Programs | Programs and Features.

Try running the the ASoft .NET Version Detector 21R utility I mentioned in my post # 2440135 of CAS’ 13-Apr-2022 thread How to Uninstall KB5013354 to see what .NET (Core) Runtimes and “classic” .NET Frameworks are installed on your computer. Just download and unzip the portable netver.zip file at any location (I saved mine to a removable USB thumb drive) and double-click the dotnet.exe file to run.The utility interface is a bit messy but if you click the Copy button in the bottom right corner you can paste the formatted results in a text editor like Notepad or MS Word.

————–
Dell Inspiron 5584 *64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v100.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.5 * Malwarebytes Premium v4.5.9.198-1.0.1676 * Macrium Reflect Free v8.0.6758

1 user thanked author for this post.

Bruce

Reply | Quote

Thanks Imacri

I ran the ASoft .NET Version Detector 21R utility, and it confirmed that there is no .NET Core x64 Runtime or .NET Core x86 Runtime currently installed.

Dell SupportAssistAgent AutoUpdate wants to install it, but apparently does not actually need it, since no visible errors are generated.

So, I guess I’ll just continue to dismiss the UAC prompt each time it occurs.

Reply | Quote

Try this as an alternate method to determine if you have .NET

To see what .NET runtime versions are installed on your computer:
∙ Open an administrator command prompt
∙ Type:

dotnet --list-runtimes

If you don’t have .NET, the command is invalid.
If you have .NET, your information will be similar to this:

What is your result?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Geekdom:

The result…

C:\WINDOWS\system32>dotnet –list-runtimes
‘dotnet’ is not recognized as an internal or external command,
operable program or batch file.

I guess this also confirms that .NET runtime is not installed, yet for some reason, Dell SupportAssistAgent AutoUpdate suddenly thinks it needs it, even though the current version of SupportAssist has been running without it up until now.

Reply | Quote

It confirms the runtime is not installed, but it wants to be installed – hence the UAC prompt.

Say yes to the install and then remove it afterwards.

cheers, Paul

Reply | Quote

Bruce wrote:

… for some reason, Dell SupportAssistAgent AutoUpdate suddenly thinks it needs it, even though the current version of SupportAssist has been running without it up until now.

Hi Bruce:

The Dell SupportAssistAgent AutoUpdate task in my Task Scheduler is only scheduled to run once a week, and if I wish I can disable that task by right-clicking and selecting Disable (see attached image). Note that the Last Run Time of 15-May-2022 on my machine has a status of 0x8 (failure) because I normally have the Dell SupportAssist service DISABLED at Start | Windows Administrative Tools | Services to prevent this utility from loading automatically at boot-up. I’m not a fan of SupportAssist (see my 03-Apr-2022 post in r72019’s SupportAssist PC-Doctor Module, 100% CPU and RAM usage!) and I prefer to use Dell Update to check for available updates.

SupportAssist runs a self-check for an available update each time it is launched, so if your UAC prompt for the Microsoft .NET Runtime v5.0.x appears when the SupportAssist interface is closed (and the weekly Dell SupportAssistAgent AutoUpdate task is not running) then that auto-update task might not be responsible for the UAC prompt.

It’s still possible that other automated background tasks run by SupportAssist and/or Dell SupportAssist Remediation (a.k.a. Dell SupportAssist OS Recovery) like weekly  software and driver update checks, monthly disk cleaning and system optimization scans, daily creation of Dell system repair points, collection and submission of system telemetry data, etc. are responsible for triggering your UAC prompt for the Microsoft .NET Runtime v5.0.x . See my 18-May-2022 post in fyreflow’s “Dell Command | Update” Shows Incorrect CPU in System Information? about how these tasks can be disabled in your SupportAssist settings.

If you haven’t already done so you might also want to post in the SupportAssist for PCs board in the Dell forum and see if any other Dell users are seeing this UAC prompt for the Microsoft .NET Runtime v5.0.x.  If you do be sure to provide your Dell computer model, Windows OS, and SupportAssist version number.
————–
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v100.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.5 * Malwarebytes Premium v4.5.9.198-1.0.1676 * Macrium Reflect Free v8.0.6758 * Dell SupportAssist v3.10.4.18 * Dell Update for Windows 10 Universal v4.5.0

1 user thanked author for this post.

Bruce

Reply | Quote

Imacri,

RE: “if your UAC prompt for the Microsoft .NET Runtime v5.0.x appears when the SupportAssist interface is closed (and the weekly Dell SupportAssistAgent AutoUpdate task is not running) then that auto-update task might not be responsible for the UAC prompt” — I confirmed that the prompt is raised by AutoUpdate by going to its Task Scheduler entry and manually selecting Run.  At that point, the prompt immediately pops up.

Per your suggestion, I posted my issue in the SupportAssist for PCs board in the Dell forum, and will await replies.

If that does not generate any useful action, then the option to disable AutoUpdate and SupportAssist, and to use Dell Update instead, sounds like a good alternative which would resolve my issue.

Thanks very much for your help with this problem.

Reply | Quote

Bruce wrote:

… there is no .NET Core x64 Runtime or .NET Core x86 Runtime currently installed. Dell SupportAssistAgent AutoUpdate wants to install it, but apparently does not actually need it, since no visible errors are generated…

Hi Bruce:

What is the current version of your Dell SupportAssist utility?

When I go to Options (gear icon) | About the SupportAssist interface reports I have the latest v3.10.4.18 on my Inspiron 5584 (see image below).  I’ve posted links <here> to three recent threads in the Dell forum related to issues that occurred after the Dell servers tried to push out a newer SupportAssist v3.11.1.18, including hue03’s thread Cannot Install SupportAssist about a glitch with .NET Runtime v5.0.x. The release notes on the SupportAssist documentation page at https://www.dell.com/support/home/en-ca/product-support/product/dell-supportassist-pcs-tablets/docs still list SupportAssist v3.10.4.18 as the current version, so I’m not even sure why some Dell machines are trying to install this buggy v3.11.1.18 update.

————————
Dell Inspiron 5584 * 64-bit Win 10 Pro v21H2 build 19044.1706 * Firefox v100.0.1 * Microsoft Defender v4.18.2203.5-1.1.19200.5 * Malwarebytes Premium v4.5.9.198-1.0.1676 * Macrium Reflect Free v8.0.6758 * Dell SupportAssist v3.10.4.18 * Dell Update for Windows 10 Universal v4.5.0

Reply | Quote

I too have SupportAssist v3.10.4.18

I chatted with a Dell agent briefly, asked if there was some way to disable autoupdate.

His 3-step suggestion, copied directly from the chat transcript:

STEP 1
Click the “Start” button, type “Run” in the search box and hit “Enter.” Type “msconfig” in the dialogue box and hit “Enter.”

STEP 2
Click on the tab “Services” in the new dialogue box. Find “SupportSoft sprtcmd” in the list and uncheck it.

STEP 3
Click on the tab “Startup” to see another list. Find and uncheck “dscactivate” and/or “SupportSoft sprtcmd.

I found no entries for “SupportSoft sprtcmd” or “dscactivate” in either msconfig or in Task Manager, so I could not try this.

Reply | Quote

I too have been periodically seeing a UAC dialog for .NET Runtime 5.0.14.

I have been cancelling this dialog, since I have no idea why it is popping up.

Should I allow it to run, or is there some other action I should take to prevent it from recurring?

I am attaching a picture of the dialog.

Note, when I attempt to examine the specified program location I find that the item does not show up, i.e.,  C:\Users\Bruce\ApplicationData\Local\Temp does not contain an entry for {0c0643b3-…

Reply | Quote