diff --git a/src/gui/src/MainWindow.cpp b/src/gui/src/MainWindow.cpp
index 6d7f4754..af8d91e8 100644
--- a/src/gui/src/MainWindow.cpp
+++ b/src/gui/src/MainWindow.cpp
@@ -485,6 +485,9 @@ bool MainWindow::clientArgs(QStringList& args, QString& app)
 return false;
 }

+ // wrap in quotes so a malicious user can't start \Program.exe as admin.
+ app = QString("\"%1\"").arg(app);
+
 if (m_pLineEditHostname->text().isEmpty())
 {
 show();
@@ -560,6 +563,9 @@ bool MainWindow::serverArgs(QStringList& args, QString& app)
 return false;
 }

+ // wrap in quotes so a malicious user can't start \Program.exe as admin.
+ app = QString("\"%1\"").arg(app);
+
 if (appConfig().logToFile())
 {
 appConfig().persistLogDir();
diff --git a/src/lib/arch/CArchDaemonWindows.cpp b/src/lib/arch/CArchDaemonWindows.cpp
index a24d7a35..ac25bfc1 100644
--- a/src/lib/arch/CArchDaemonWindows.cpp
+++ b/src/lib/arch/CArchDaemonWindows.cpp
@@ -817,7 +817,21 @@ CArchDaemonWindows::installDaemon()
 // install default daemon if not already installed.
 if (!isDaemonInstalled(DEFAULT_DAEMON_NAME, true)) {
 char path[MAX_PATH];
- GetModuleFileName(CArchMiscWindows::instanceWin32(), path, MAX_PATH);
+ GetModuleFileName(CArchMiscWindows::instanceWin32(), &path[1], MAX_PATH - 2);
+
+ int length = 0;
+ for (int i = 0; i < MAX_PATH; i++) {
+ if (path[i] == '\0') {
+ length = i;
+ break;
+ }
+ }
+
+ // wrap in quotes so a malicious user can't start \Program.exe as admin.
+ path[0] = '"';
+ path[length] = '"';
+ path[length + 1] = '\0';
+
 installDaemon(DEFAULT_DAEMON_NAME, DEFAULT_DAEMON_INFO, path, "", "", true);
 }
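Review bot: In MainWindow::clientArgs the new `app = QString("\"%1\"").arg(app);` runs on every platform and does not check `app` for an embedded double quote; serverArgs gets the identical two lines and has the same gaps. The unquoted-path issue named in the comment comes from Windows command-line parsing, so if `app` is later used as a program name rather than as part of a command string (the consumer is outside these hunks), the literal quotes would become part of the file name on other systems; wrapping the assignment in `#if defined(Q_OS_WIN)` / `#endif` would avoid that. A value that already contains `"` would end the quoted region early, so a guard such as `if (app.contains(QLatin1Char('"'))) return false;` before the assignment keeps the quoting sound. Both function bodies start and end outside the hunks.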
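Review bot: In CArchDaemonWindows::installDaemon the length scan starts at `path[0]`, which has not been written yet because GetModuleFileName now fills the buffer from `&path[1]`, so the loop reads an uninitialized byte; if that byte happens to be zero, or no terminator is found, `length` stays 0 and the daemon is registered with a path consisting of a single quote. The return value of GetModuleFileName is also ignored, so a failed or truncated lookup still goes on to install the service with whatever is in the buffer. Using the returned character count as the length removes the scan and lets both cases be rejected, as sketched below. How the failure should be reported depends on code outside the hunk, and the function body starts and ends outside it as well.

```cpp
char path[MAX_PATH];
// leave room for the two quotes; the returned count replaces the scan over path[]
DWORD copied = GetModuleFileName(CArchMiscWindows::instanceWin32(), &path[1], MAX_PATH - 2);
if (copied == 0 || copied >= MAX_PATH - 2) {
    // lookup failed or the path was truncated: do not register a partial path
    // … bail out here using this file's error convention (not visible in the hunk) …
}

// wrap in quotes so a malicious user can't start \Program.exe as admin.
path[0] = '"';
path[copied + 1] = '"';
path[copied + 2] = '\0';
// … unchanged: installDaemon(DEFAULT_DAEMON_NAME, …) call …
```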