Which User Account Control (UAC) setting ensures applications requesting elevation perform a public key infrastructure check?

The setting that ensures applications requesting elevation perform a public key infrastructure (PKI) check is the option that prompts for confirmation when an application is attempting to install or when it needs elevated privileges. This setting specifically requires that the application be digitally signed with a valid certificate that is trusted on the system.

When this configuration is active, the User Account Control system verifies the application's certificate against the PKI to ensure it has not been tampered with and that it originates from a trusted source. This adds an important layer of security by preventing potentially malicious software from gaining elevated privileges without proper validation.

In contrast, other settings either do not require such a check or do not invoke the same level of scrutiny regarding application elevation. For instance, a setting that always notifies may prompt for consent on any elevation request but does not specifically involve a PKI verification mechanism. Options that simply never notify users or prompt for credentials may reduce the overall security posture by either ignoring potentially harmful applications entirely or bypassing the need for digital signature validation.