Why do I always get the “scary” UAC prompt when uninstalling software, even if the MSI was digitally signed?

Here’s something that I noticed when I was going about uninstalling things, but that’s something I do infrequently enough that I never looked any deeper. However, I got a question from somebody, so in order to answer that question, I had to actually figure out what was going on.

If you install an MSI, you’ll see a UAC prompt that represents the state of the digital signature. If it’s a Windows signature, you’ll see a comforting blue (though you probably won’t see many of these in an MSI). If it’s any other signature, you get kind of a neutral gray. (Perhaps that’s also considered happy in Redmond, reminding them of winters in Seattle with grey skies?) Finally, if you don’t have a digital signature at all, you get the scary orange one.


You can trust us, it’s your old buddy Windows


Just another rainy day software install – no worries here


Intruder alert! Holy crap!

So far so good – MSIs are behaving exactly like any other software. But, when it comes time to uninstall, things weren’t so happy. Because, no matter who signed the MSI, you’d still get the scary “Intruder alert!” dialog. What’s up with that?

Well, in order to save space, we’ll strip the CAB files out of the MSI – we don’t need them any more. But since we modified the signed MSI, what happens?

The signature is no longer valid.

So we have to show a scary dialog.

We’re investigating changing this behavior in the future.
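A read-only way to check this on a given machine, as an added example that is not part of the original post: the PowerShell below asks the Windows Installer automation object (`WindowsInstaller.Installer`) where each installed product's cached package lives and runs `Get-AuthenticodeSignature` on that copy. It assumes it is run in PowerShell on the Windows machine being inspected; the helper name `Get-MsiProperty` is made up for this example.

```powershell
# Added example: report the Authenticode status of every cached MSI package.
# Read-only. Products whose properties cannot be read in the current context are skipped.
$installer = New-Object -ComObject WindowsInstaller.Installer
$type      = $installer.GetType()
$getProp   = [Reflection.BindingFlags]::GetProperty

# Hypothetical helper: read one Windows Installer property for a product code.
function Get-MsiProperty {
    param([string]$ProductCode, [string]$Name)
    try {
        $type.InvokeMember('ProductInfo', $getProp, $null, $installer,
                           @($ProductCode, $Name))
    } catch {
        $null   # property not available for this product
    }
}

# Product codes of everything Windows Installer knows about.
$products = $type.InvokeMember('Products', $getProp, $null, $installer, $null)

$report = foreach ($code in $products) {
    # LocalPackage is the path of the cached copy used for repair and uninstall.
    $cached = Get-MsiProperty $code 'LocalPackage'
    if (-not $cached -or -not (Test-Path -LiteralPath $cached)) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $cached
    [pscustomobject]@{
        Product = Get-MsiProperty $code 'InstalledProductName'
        Cached  = $cached
        SizeMB  = [math]::Round((Get-Item -LiteralPath $cached).Length / 1MB, 1)
        Status  = $sig.Status      # Valid, HashMismatch, NotSigned, ...
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    }
}

# Per-product detail, then a count per signature status.
$report | Sort-Object Status, Product | Format-Table -AutoSize
$report | Group-Object Status | Select-Object Name, Count
```

Running the same `Get-AuthenticodeSignature` check against the vendor's original MSI, if you still have it, shows whether the signature was valid before the package was cached.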