Can't drag files from TC to Windows 10 Mail

[Egorro]

Hi all!
I'm using Total Commander as the main file manager for many years, and since Windows 10 was released use it's Mail app a lot. There is a little issue in Drag-n-drop operations with Total Commander: while composing an email, I can't drag any file as addon inside the Mail window: it just change mouse cursor to 'unavailable' and doesn't allow to do anything with it (.ru instead of *ru, novice restrictions):
Image: f6.s.qip*ru/G1CCNSwp.jpg
http://f6.s.qip.ru/G1CCNSwp.jpg
Doing the same from the Explorer instead of TC allows to add the file to the message:
Image: f4.s.qip*ru/G1CCNSwq.jpg
http://f4.s.qip.ru/G1CCNSwq.jpg
It's not a critical issue but I'd like to ask: is it a known real bug and is there any solution to it?
Will be thankful for any answers, sorry for possibly bad English.

[sqa_wizard]

By chance your TC is running as administrator?

[Egorro]

By chance your TC is running as administrator?

Yes, it is. I'm not even sure if this a problem with some settings or issues on my PC only or it's the way TC interacting with Win10 Apps, can't check on any other system right now to make sure

[Stefan2]

By chance your TC is running as administrator?

Yes, it is. I'm not even sure if this a problem with ...

No, that is the point.... running one program as admin and one as normal user.


I have googled to find a quote in good english words for you:

this is how the UAC works.
Drag- and Drop are messages.
And sending messages from a program with normal rights,
to an application with admin rights can cause security issue.

Do Drag & Drop only work with application with the same rights
(program with Admin rights to program with admin rights
or program with normal rights to program with normal rights ).

https://social.technet.microsoft.com/Forums/windows/en-US/cba0e9b1-25f8-40e5-a888-1435d604f68d/run-as-administrator-prevents-drag-and-drop-working?forum=w7itprosecurity
Don't be confused by the last comment there: "User already has admin rights." User have to have elevated rights (RunAsAdmin) to let it work.


They do not talk here about NTFS permissions, but about a new Vista thingy called "integrity level" as part of the Vista UAC.
With UAC turned on, each program have an IL assign by the UAC system.
A program launched with elevated admin rights have a higher IL than other programs.
And a UAC sub system blocks messages between the different levels, so drag&drop
is not possible from programs running on a lower level to a program on a higher level.
https://blogs.msdn.microsoft.com/patricka/2010/01/28/q-why-doesnt-drag-and-drop-work-when-my-application-is-running-elevated-a-mandatory-integrity-control-and-uipi/
And follow-up > Inside Windows Vista User Account Control.



So this is actually a WindowsTM feature.



And one last thing, to make this post complete:
Running as Administrator on WindowsTM since Vista and newer,
you are an Administrator which have his advanced rights dropped down (technically spoken: from his 'token').
But as Administrator you can get back that rights by launching a program with " Run as Administrator" from context menu,
from the settings on an shortcut LNK, or from console via RunAs command.


 

EDIT
changed "drag&drop is not possible between programs of different levels"
to "drag&drop is not possible from programs running on a lower level to a program on a higher level."


 

[Egorro]

By chance your TC is running as administrator?

Yes, it is. I'm not even sure if this a problem with ...

No, that is the point.... running one program as admin and one as normal user.

I have googled to find a quote in good english words for you:
...
So this is actually a WindowsTM feature.
 

Thank you, that is really the solution: launched Total Commander in normal mode and it allowed me to drag the file to the Mail)) I didn't even think to look in this direction, never seen such restrictions in any other cases (i.e. I still can drag the file from TC^ to normal Word etc).
Thank you again, I will search for some way of launching Win10 apps in admin mode or keep using as is.

[Horst.Epp]

Yes, it is. I'm not even sure if this a problem with ...

No, that is the point.... running one program as admin and one as normal user.

I have googled to find a quote in good english words for you:
...
So this is actually a WindowsTM feature.
 

Thank you, that is really the solution: launched Total Commander in normal mode and it allowed me to drag the file to the Mail)) I didn't even think to look in this direction, never seen such restrictions in any other cases (i.e. I still can drag the file from TC^ to normal Word etc).
Thank you again, I will search for some way of launching Win10 apps in admin mode or keep using as is.

There is no need or benefit to run any App or Program in Admin mode
for doing normal work.
The security model of Windows since Vista tries to protect you
from Trojans and Viruses by not allowing communication between low level and high level programs.

[Hacker]

Horst.Epp,

The security model of Windows since Vista tries to protect you
from Trojans and Viruses by not allowing communication between low level and high level programs.

Do you know of any research if it actually works? Some statistics of how many people were not infected thanks the UAC dialog box? Also, does it help in any way against, say, ransomware that would encrypt all my private data (like photos, documents, etc.)?

TIA
Roman
P.S.: Sorry for being OT.

[HolgerK]

https://www.avecto.com/resources/reports/microsoft-vulnerabilities-report-2013/key-findings/

The report highlights the following key findings:

- Of the 147 vulnerabilities published by Microsoft in 2013 with a Critical rating, 92% were concluded to be mitigated by removing administrator rights
- 96% of Critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights
- 100% of all vulnerabilities affecting Internet Explorer could be mitigated by removing admin rights
- 91% of vulnerabilities affecting Microsoft Office could be by removing admin rights
- 100% of Critical Remote Code Execution vulnerabilities and 80% of Critical Information Disclosure vulnerabilities could be mitigated by removing admin rights
- 60% of all Microsoft vulnerabilities published in 2013 could be mitigated by removing admin rights

Also, does it help in any way against, say, ransomware that would encrypt all my private data (like photos, documents, etc.)?

Not really, because this malware does not needs administrative rights to scramble your data (or make use of known exploits to gain higher privileges).
But does any Virus scanner software works better in this scenario?
(may be with some kind of behavior detection...)

The best strategy in this case is an up to date backup of important data (saved on an offline media).
And not to run any software you receive via mail or internet downloads.

So yes: UAC helps. But... only in combination with latest security patches of system and user software and last but not least with brain2.0....

Regards
Holger

[Hacker]

2HolgerK
Well, what they base their statistics on is not really confidence inspiring:

For this report, a vulnerability is classed as one that could be mitigated by removing admin rights if the sentence "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights" is found within the Executive Summary of the bulletin in which that vulnerability appears.

In other words, we cannot rule out that UAC might help, only god knows.

Still, I'd welcome some real world usage report. I mean, if I run some software, I already decided to trust it. Now I'd have to be either very good at on-the-fly reverse engineering to be able to judge if to allow admin rights or not, or as an alternative I could simply choose to be paranoid by default and click No to every request where it is not completely obvious why I should click Yes. Because, what else can I base my decision on? An executable's name? The details of its digital signature (if it has any)? It's the same situation as with virus scanners asking you to judge the security risk of any given code execution - something nobody can really do with any sufficient confidence.

I wonder if there are any stats, like, yeah, we made some tests, asked users to install 20 programs, among them two malware ones and for the malware ones they chose to click "No" based on this and that, so UAC really helped.

Thanks
Roman

[Nepcior]

I can't drag any file as addon inside the Mail window: it just change mouse cursor to 'unavailable' and doesn't allow to do anything with it (.ru instead of *ru, novice restrictions):
Image: f6.s.qip*ru/G1CCNSwp.jpg

I am experiencing similar issue. I can't drag anything outside TC window. In fact I run TC as an administrator, but i changed this setting and it does not help, still does not work. Beside this i was able to use drag'n'drop until now. It just suddenly stop working today. Any ideas what's wrong?

Windows 7 Enterprise x64
TC 9.0a

[ghisler(Author)]

TC is probably still running as administrator. Please check the title bar, does it contain a ^ character? Then it's running as administrator.

[Nepcior]

Hello Author.
No, it has no this character. But if i run TC as an administrator it has no "^" either. I suppose I am starting TC always as a normal user, even if i mark "run this program as an administrator". This is company computer with domain and a lot of special security software and settings avoiding normal users to have elevated priviliges
Anyway I changed the setting and restarted my computer. Drag'n'drop still does not work. It was working before and stop working suddenly. I did not changed anything. But my company could change something.

[sqa_wizard]

Nepcior: If you have enabled RubberBandSelection (which is on by default) you have to start the dragging exactly on the filename.
Otherwise it will be selected only and on second try dragging will work.

[Nepcior]

sqa_wizard, it is not the case. I can start dragging files. I cant drop them outside TC, because cursor changes to "forbidden" and nothing happens. Like on picture below, where i tried to copy a text file to desktop.
Image: http://wot4me.za.pl/wot/tc_no_copy.jpg


Solved!
For the records
Company installed software which caused this issue. After deinstalation of:
McAfee antivirus
Avecto Defendpoint
all works again. My suspicion is that Avecto is here guilty, because it is software which is managing privileges.