How do I prevent auto updates? Or create fallback-points - page 2

 
Fernando Carreiro:

You are absolutely right! This new build is totally circumventing the UAC and installing itself anyway! It's acting just like a very nasty exploit virus!

Thanks for the confirmation. Actually, Fernando, I report it only now as I wanted to check it again first, but I already saw that in the past; I even had a ticket (unanswered) on the deceased Service Desk.
 
Alain Verleyen: Thanks for the confirmation. Actually, Fernando, I report it only now as I wanted to check it again first, but I already saw that in the past; I even had a ticket (unanswered) on the deceased Service Desk.

Either it is a very bad bug, which I don't believe, or it looks like MetaQuotes is deliberately trying to force users to update! What's next? Force MT4 users to upgrade to MT5 forcefully?

This is definitely exploit code, because UAC is supposed to be able to block normal installations. So it is really acting like an exploit virus!

 
Fernando Carreiro:

Either it is a very bad bug, which I don't believe, or it looks like MetaQuotes is deliberately trying to force users to update! What's next? Force MT4 users to upgrade to MT5 forcefully?

This is definitely exploit code, because UAC is supposed to be able to block normal installations. So it is really acting like an exploit virus!

I do agree, I was very surprised when I saw that the first time. I was keeping that for the SD but as it is now useless, I will report everything I find here :-D
 
Alain Verleyen: I do agree, I was very surprised when I saw that the first time.

I just analysed the logs and know now why the UAC did not work. It did not install, but instead just replaced the files as a normal copy process, which did not trigger the UAC protection.

2018.11.09 20:31:20.533    LiveUpdate: updater - try to close terminal
2018.11.09 20:31:23.741    LiveUpdate: updater - files update started
2018.11.09 20:31:23.764    LiveUpdate: copied from 'C:\Users\F.M.I. Carreiro\AppData\Roaming\MetaQuotes\WebInstall\mt4clw\metaeditor.exe' to 'C:\Trading\MetaTrader\Roboforex\MT4D2119309T\metaeditor.exe'
2018.11.09 20:31:23.787    LiveUpdate: copied from 'C:\Users\F.M.I. Carreiro\AppData\Roaming\MetaQuotes\WebInstall\mt4clw\terminal.exe' to 'C:\Trading\MetaTrader\Roboforex\MT4D2119309T\terminal.exe'
2018.11.09 20:31:23.788    LiveUpdate: updater - files update finished

Looks like the only safe way to protect against updates is to use the file permissions to prevent either downloading new updates or overwriting the older executable files.
 
Fernando Carreiro:

I just analysed the logs and know now why the UAC did not work. It did not install, but instead just replaced the files as a normal copy process, which did not trigger the UAC protection.

2018.11.09 20:31:20.533    LiveUpdate: updater - try to close terminal
2018.11.09 20:31:23.741    LiveUpdate: updater - files update started
2018.11.09 20:31:23.764    LiveUpdate: copied from 'C:\Users\F.M.I. Carreiro\AppData\Roaming\MetaQuotes\WebInstall\mt4clw\metaeditor.exe' to 'C:\Trading\MetaTrader\Roboforex\MT4D2119309T\metaeditor.exe'
2018.11.09 20:31:23.787    LiveUpdate: copied from 'C:\Users\F.M.I. Carreiro\AppData\Roaming\MetaQuotes\WebInstall\mt4clw\terminal.exe' to 'C:\Trading\MetaTrader\Roboforex\MT4D2119309T\terminal.exe'
2018.11.09 20:31:23.788    LiveUpdate: updater - files update finished

Not sure what you mean, the UAC is asking if files can be modified, if you answer "No", the files should not be modified, but they are.
 
Alain Verleyen: Not sure what you mean, the UAC is asking if files can be modified, if you answer "No", the files should not be modified, but they are.

No, in this case the dialog box requesting permission was not from the UAC but from the MetaTrader terminal itself requesting to restart itself. A normal UAC dialog box darkens the screen and requests the admin password (in my case), and this is not what happened here.

 
Fernando Carreiro:

No, in this case the dialog box requesting permission was not from the UAC but from the MetaTrader terminal itself requesting to restart itself. A normal UAC dialog box darkens the screen and requests the admin password (in my case), and this is not what happened here.

Yes, it's what I get (except I don't have an admin password to type). Is there a way to take a screenshot when the screen is darkened? I will show you it's a UAC dialog box.

 
Alain Verleyen: Yes, it's what I get (except I don't have an admin password to type). Is there a way to take a screenshot when the screen is darkened? I will show you it's a UAC dialog box.

Never tried a screenshot of the UAC. Use your smartphone and take a photo!

I just tried setting my UAC to maximum and it still gets around it.

 
Fernando Carreiro:

Never tried a screenshot of the UAC. Use your smartphone and take a photo!


I just tried setting my UAC to maximum and it still gets around it.

Ok I tried again but with an MT4 installed under "C:\Program Files (x86)\MT4\" and this time the UAC stopped it when I answered No.

So the problem arises outside it, can you confirm?

I still don't understand why, but maybe it's not MetaQuotes' responsibility (?).

 
Alain Verleyen: Ok I tried again but with an MT4 installed under "C:\Program Files (x86)\MT4\" and this time the UAC stopped it when I answered No.

So the problem arises outside it, can you confirm?

Yes, my installation was a "portable" one in a separate folder.

However, if I revoke permissions on the two executable files, I then get a UAC requesting to overwrite the files. If I say "no", then MetaTrader will just not run at all!

So, the only safe way to block it is to delete the downloaded files altogether and revoke permissions on the download folder ("%APPDATA%\MetaQuotes\WebInstall") so that it does not download ever again (see message below)!

2018.11.09 21:07:35.949    LiveUpdate: download of 'metaeditor.exe' failed
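
An added example, not part of the thread and not MetaQuotes code: a small Python parser for the LiveUpdate journal lines quoted above. It flags executables replaced in a folder a standard user can write to (where no elevation prompt is expected) and records downloads that were blocked. The sample log is constructed in the same format with made-up paths, and the list of protected roots assumes default Windows ACLs.

```python
import re
from ntpath import normcase, normpath  # Windows path rules, usable on any OS

# Constructed sample in the journal format quoted in the thread; paths are made up.
SAMPLE_LOG = r"""
2018.11.09 20:31:20.533    LiveUpdate: updater - try to close terminal
2018.11.09 20:31:23.741    LiveUpdate: updater - files update started
2018.11.09 20:31:23.764    LiveUpdate: copied from 'C:\Users\trader\AppData\Roaming\MetaQuotes\WebInstall\mt4clw\terminal.exe' to 'C:\Trading\MT4\terminal.exe'
2018.11.09 20:35:10.120    LiveUpdate: copied from 'C:\Users\trader\AppData\Roaming\MetaQuotes\WebInstall\mt4clw\terminal.exe' to 'C:\Program Files (x86)\MT4\terminal.exe'
2018.11.09 21:07:35.949    LiveUpdate: download of 'metaeditor.exe' failed
"""

# Assumption: default Windows ACLs, where a standard user cannot write here
# and replacing a file therefore needs elevation (a UAC prompt).
PROTECTED_ROOTS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")

LINE = re.compile(r"^(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+LiveUpdate: (.*)$")
COPIED = re.compile(r"^copied from '(.+)' to '(.+)'$")
FAILED = re.compile(r"^download of '(.+)' failed$")

def is_protected(path):
    """True if the path lies under a directory that normally requires elevation."""
    p = normcase(normpath(path))
    return any(p == root or p.startswith(root + "\\") for root in PROTECTED_ROOTS)

def analyse(log_text):
    """Return one event per file replaced by LiveUpdate or download that failed."""
    events = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        ts, msg = line.groups()
        copied, failed = COPIED.match(msg), FAILED.match(msg)
        if copied:
            dst = copied.group(2)
            # A plain file copy into a user-writable folder never asks for elevation.
            events.append({"ts": ts, "kind": "replaced", "file": dst,
                           "user_writable_target": not is_protected(dst)})
        elif failed:
            events.append({"ts": ts, "kind": "download_blocked", "file": failed.group(1)})
    return events

if __name__ == "__main__":
    for event in analyse(SAMPLE_LOG):
        print(event)
```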