Windows updates have not altered the behaviour of UAC inherently. Settings may have changed, I suppose.
UAC prompt appears when:
-You launch an application who's embedded manifest indicates that it requires administrator permissions and UAC is enabled
-You launch an application which has the "Compatibility" setting of "Run as Administrator" and UAC is enabled
-The application itself attempts to elevate. (Usually, the application checks if it has admin, notices it doesn't, then relaunches itself with the "runas" verb which elevates it and in that process windows shows the UAC prompt if UAC is enabled.
-"Admin Approval Mode" is set to prompt for unverified executables and the signing certificate used to sign the executable has expired.
-The "Admin Approval Mode" Group Policy is in place and UAC is enabled. In this mode the UAC prompts require you to enter a password and I don't think they are skipped by the level of UAC.
We can eliminate the last option simply because it is so unlikely- unless you ARE being prompted for a password, that is! The second to last seems plausible but qbittorrent is not signed at all, so there is no certificate to expire.
That leaves perhaps you've accidentally set the compatibility settings in the program or perhaps some setting in the program that has been altered has it attempting to self elevate? Perhaps settings related to file associations?
Unfortunately there isn't a UAC "whitelist". Possibly fortunate because that would defeat the purpose and provide a relatively easy way for malicious software to elevate itself without displaying the consent dialog.
Apparently you have downloaded an app written by somebody who pays little attention to the need for security and did not register their business.
"Unknown publisher" means that the application isn't signed. It says 'Unknown publisher' even if there is a publisher, (Which was changed in Win8 iirc) the logic being that since it isn't signed you cannot "know" that it is actually from that publisher.
About half of the 'unknown source' programs are either malicious or harmful in some way. Such code was made by somebody who wants to hurt you. Or does not not care if he hurts you.
The authenticode signing process is intended only to allow you to know that the application you have has not been tampered with since the publisher created it. It does not say or indicate anything about it being safe. Nothing prevents malware from being digitally signed in the same manner. Given it has a annual charge associated with it it is no surprise it's not exactly taken off for Open Source products that don't have financial backing. Notepad++, Audacity, DOSBox, foobar2000, Autohotkey, Inkscape, Handbrake, and innumerable other programs do not have authenticode signatures. Which half of these are malware?