Why UAC Prompts a Different Color on a Signed Build on Windows 11

Quick fix: The UAC prompt color indicates trust level. Blue means the app is signed by Microsoft and verified; yellow means signed by a third-party verified publisher; red means unsigned or untrusted; grey means standard Windows operation. The color isn’t a bug — it’s a visual security indicator.

You ran an app on Windows 11 and noticed the UAC prompt is yellow instead of the usual blue you remember. Or you see a red prompt and wonder if the app is malicious. The UAC color scheme has meaning, and understanding it helps you make better trust decisions.

UAC color codes

Blue (Microsoft signed): The app is signed with a Microsoft certificate. This is Windows-shipped or Microsoft-published software (Edge, Office, etc.). Highest trust.

Yellow (third-party verified): The app is signed by a verified third-party publisher whose certificate Windows trusts. This is most signed commercial software.

Red (unsigned or blocked): The app is unsigned, has been revoked, or is blocked by SmartScreen. Treat with caution — this is a warning.

Grey (operating system): The prompt comes from Windows itself (a system tool, an admin Settings page).

What to do based on color

1. Blue: Safe to allow. Verify the publisher name matches the app you expected.
2. Yellow: Allow if you trust the publisher. Verify the publisher name on the prompt.
3. Red: Don’t allow unless you specifically need this unsigned app and trust the source.
4. Grey: System operation. Allow as expected.

How to verify which app is prompting

1. The UAC prompt shows the program name, verified publisher, and origin (file path).
2. Click Show more details to see the full file path and publisher.
3. For grey prompts where the publisher reads “Microsoft Windows,” the operation is internal.

If none of these work

If a UAC prompt’s color seems wrong (a Microsoft app showing yellow instead of blue), the OS may have a certificate issue — check Event Viewer for code signing errors. For prompts that should be blue but show as yellow, the signing certificate may be missing from the trusted Microsoft store; re-install the .NET runtime or run sfc /scannow to restore certificate health.

Bottom line: UAC colors are intentional security indicators. Blue = Microsoft, Yellow = trusted publisher, Red = unsigned/blocked, Grey = OS. Read the publisher name on every prompt regardless of color.