There's been buzz recently about the various technical methods for privilege management on Windows PCs. There isn't any doubt about the proper architecture. Viewfinity maintains that managing privileges at the kernel level is the most technologically sound approach to enforcing least privilege on the desktop. A kernel driver is the industry-standard method used by most anti-virus vendors and most DLP products, and it is the method that should be used for security products such as privilege elevation management. The technology is complicated, but it is endorsed and regulated by Microsoft: the so-called “elevation” of drivers is assigned and maintained by Microsoft. Software vendors that took a shortcut in this advanced field went with a simpler, more amateur approach: user-mode hooking, which is not officially supported by Microsoft, as clearly stated in this excerpt from Microsoft’s documentation:
Straight from the README.TXT of Microsoft's API hooking library, Detours:
4.5. SUPPORT FOR DETECTION OF DETOURED PROCESSES:
=================================================
Detours loads the detoured.dll shared library stub into any process which has
been modified by the insertion of a detour. This allows the Microsoft Customer
Support Services (CSS) and the Microsoft Online Crash Analysis (OCA) teams to
quickly and accurately determine that the behavior of a process has been
altered by a detour. CSS does not provide customer assistance on detoured
products.
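The detoured.dll stub described above is a marker that a desktop administrator can look for as well, not only Microsoft support. The script below is an added example, not code from the original post or from Viewfinity; it assumes Windows PowerShell 5.1 or later and an account allowed to read other processes' module lists (an elevated prompt sees more), and the variable names are my own.

```powershell
# Added example (not Viewfinity code): report processes that have the
# Detours marker module loaded, and list the ones we could not inspect.
# Assumes Windows PowerShell 5.1+; $marker comes from the README quoted above.
$ErrorActionPreference = 'Stop'   # make property-getter errors catchable below
$marker     = 'detoured.dll'
$detoured   = @()
$unreadable = @()

foreach ($proc in Get-Process) {
    try {
        # .Modules enumerates loaded DLLs; it throws for protected or
        # higher-integrity processes, for processes of the other bitness,
        # and for processes that exited between enumeration and inspection.
        $names = @($proc.Modules | ForEach-Object { $_.ModuleName })
        if ($names -contains $marker) { $detoured += $proc }   # -contains is case-insensitive
    }
    catch {
        $unreadable += $proc
    }
}

if ($detoured.Count -gt 0) {
    "Processes with $marker loaded (modified by a Detours-based product):"
    $detoured | Select-Object Id, ProcessName, Path | Format-Table -AutoSize
} else {
    "No readable process currently has $marker loaded."
}

# Uninspectable processes are reported, not silently skipped: an empty
# result only says something about the processes whose modules were readable.
if ($unreadable.Count -gt 0) {
    "Module list not readable for $($unreadable.Count) process(es):"
    $unreadable | Select-Object Id, ProcessName | Format-Table -AutoSize
}
```

Absence of the marker is not proof that no user-mode hook is present; it only shows that no readable process carries this particular Detours stub.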