I just saw an old thread where someone was asking why Vista was blocking ClamTray.exe. It turned out that the user had turned on "Run as administrator" for clamtray and someone told the user that clamtray doesn't need admin privileges.

This is completely wrong and dangerous. I thought it might be useful to write how you can set up Vista to run ClamTray with administrator privileges automatically when you log in. I spoke to why this is a good thing in http://forums.clamwin.com/viewtopic.php?t=1970 that other thread.

Broadly this is a two-step process. First of all you will create a new method for running ClamTray at startup using Microsoft's task scheduler. Then you will remove the old method of running ClamTray at startup, namely the registry key created when it was installed.

Setting Up Task Scheduler
Vista's task scheduler is capable of starting a program with administrator privileges. There is a nice http://blogs.techrepublic.com.com/window-on-windows/?p=616 preexisting tutorial all about this. Follow the steps in that tutorial with only minor changes. The changes are:

1. The tutorial says to change the trigger from "any user" to a specific user. You probably want ClamTray to be run when any user logs in, so leave it at "any user".
2. The action will, of course, be to run ClamTray.exe, not the event viewer as the tutorial shows. By default, ClamTray is installed to C:\Program Files\ClamWin\bin\ClamTray.exe. In the "Add arguments" box, put "--logon" (without the quotes).

Once this is set up, you can test it the way the tutorial shows. Terminate ClamTray first if it was already running. Do a memory scan. When ClamTray is NOT run as an administrator, you would see:

If you don't see the second line (about logging in as Administrator) then it is working. If you still see that line, then you probably didn't check the box "Run with highest privileges" like the tutorial indicated. Try it again.

Deleting the Old Method
The last step is to delete the old method that was used to run ClamTray at login. Click Start and type "regedit" in the "Start Search" box and run Registry Editor. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the entry labelled "ClamWin" - it's labelled ClamWin, even though it run ClamTray.exe. I guess this makes sense since the overall product name is ClamWin. Deleting this entry will prevent Windows from trying to run ClamTray twice at login time.

Now that ClamTray is being run as an administrator, immediately at least do a memory scan. This may be the very first time ClamTray has had the privileges to actually scan every process on your computer. Windows UAC may be a good security measure, but eventually someone is going to inadvertently click "OK" on a UAC prompt out of sheer habit and give themself a nasty virus or trojan.

As a suggestion, it would be highly beneficial if ClamWin's installer added the task scheduler entry automatically on Vista systems, rather than the "Run" registry entry.

[Note: I posted this in the general discussion area else and only now realized it was more appropriate to post here. Any mods can delete the post over there.]