Proccess hacker

#1 JokanderX Members 8 posts OFFLINE Local time:11:44 PM Posted 07 May 2021 - 06:23 AM I'm wondering that how (process hacker 2) can kill any task even it have the (nt authority) privileges ... As i search i discovered that there are more privileges higher than Admin like (Trustedinstaller, system and nt authority)So as i see that (process hacker 2) can kill any malware proccess, and have the ability to kill all task of antivirus, that no one can kill before i used (process hacker 2) , like taskmanger, taskkill, wmic, etcSo can any one here clearify how (process hacker 2), when i asked in some chats, they told me that (process hacker 2) have the kernel power or some thing like this (that i can't understand) Back to top"> Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 0lds0d 0lds0d Bleeping Old Dude Members 5,519 posts OFFLINE Gender:Male Location:Winnipeg, Manitoba, CA Local time:04:44 PM Posted 07 May 2021 - 09:46 AM Be true and always be true to yourself and others who are true.The truth will give you strength and hope and inspiration.Always be brave and only a brave heart can truly love and succeed in life.Understand there are many things in life with value and many things with no value.Always use your head to the best that you can do. Back to top"> Back to top #3 JokanderX JokanderX Topic Starter Members 8 posts OFFLINE Local time:11:44 PM Posted 09 May 2021 - 04:38 AM No i dont think thatBecause i tried to use taskkill via cmd with a nt authorityand i also have access is dine Back to top"> Back to top #4 0lds0d 0lds0d Bleeping Old Dude Members 5,519 posts OFFLINE Gender:Male Location:Winnipeg, Manitoba, CA Local time:04:44 PM Posted 09 May 2021 - 10:21 AM FAQ: Why is Process Hacker able to kill processes that no other tools can kill?Process Hacker loads a driver that searches for an internal Microsoft kernel function and uses it for process termination. This function is not known to be hooked by malware or security

Of the corresponding paging structure.System infoint ptedit_get_pagesize()Returns the default page size of the systemReturnsPage size of the system in bytesPage frame numbers (PFN)size_t ptedit_set_pfn(size_t entry,size_t pfn)Returns a new page-table entry where the page-frame number (PFN) is replaced by the specified one.Parametersentry The page-table entry to modifypfn The new page-frame number (PFN)ReturnsA new page-table entry with the given page-frame numbersize_t ptedit_get_pfn(size_t entry)Returns the page-frame number (PFN) of a page-table entry.Parametersentry The page-table entry to extract the PFN fromReturnsThe page-frame numberPhysical pagesvoid ptedit_read_physical_page(size_t pfn,char * buffer)Retrieves the content of a physical page.Parameterspfn The page-frame number (PFN) of the page to readbuffer A buffer which is large enough to hold the content of the pagevoid ptedit_write_physical_page(size_t pfn,char * content)Replaces the content of a physical page.Parameterspfn The page-frame number (PFN) of the page to updatecontent A buffer containing the new content of the page (must be the size of a physical page)void * ptedit_pmap(size_t physical,size_t length)Map a physical address range to the virtual address space.Parametersphysical The physical address to maplength The length of the physical memory range to mapReturnsA virtual address that can be used to access the physical address.NoteThis function is not supported on Windows.Pagingsize_t ptedit_get_paging_root(pid_t pid)Returns the root of the paging structure (i.e., CR3 on x86 and TTBR0 on ARM).Parameterspid The proccess id (0 for own process)ReturnsThe phyiscal address (not PFN!) of the first page table (i.e., the PGD)void ptedit_set_paging_root(pid_t pid,size_t root)Sets the root of the paging structure (i.e., CR3 on x86 and TTBR0 on ARM).Parameterspid The proccess id (0 for own process)root The physical address (not PFN!) of the first page table (i.e., the PGD)TLB/Barriersvoid ptedit_invalidate_tlb(void * address)Invalidates the TLB for a given address on all CPUs.Parametersaddress The address to invalidatevoid ptedit_full_serializing_barrier()A full serializing barrier which stops everything.Memory types (PATs/MAIRs)size_t ptedit_get_mts()Reads the value of all memory types (x86 PATs / ARM

Properly-missing Info: if you hover over the word "quarantine" in "Threat controll", the virus name is shown, and you can see progress of scans etc. by the surrounding "colour" in GUI. This isn't really obvious.-proccess self-protection...Please keep developing this software, its a bit embarrasing for your fine company. Otherwise its like neat and highly sophisticated code, rotting in a halfdead corpse.SYSTEM : win xp 32 (dual+win7 x64) BDF 1.0.21.1099 +Comodo+EMET +on demand scanners(all disabled for testing purposes) and YES i suppose, the system is clean, the quarantined files already were marked,zipped or isolated.Maybe i should post this in a new thread... 0 I can understand why people calling Bitdefender Free ransomware or abandonware....well to be fair i guess its just bugged. I installed it as substitute for avira - and performance wise, it is a breeze of fresh air for my old machine! Allthough, i really don't know if i will keep THIS...@88krzysiek: same here. Can't restore or delete files after i did a Full scan. " />" />But i realized, i CAN restore & delete a harmless EICAR-testvirus file which was immediately found and quarantined by the Virus Shield (and btw also found in Thunderbirds temp email-folder)So maybe this is the bug? Automatically quarantined files (Virus Shield) delete&restore works, but files quarantined by Fullscan don't ??BUGS & missing "features" (or BASICS):-Restore&delete did not work AT ALL at first. (only open folder works, after Windows restart and Registration(?), it works partially)-RESTORE only works for "eicar", DELETE works for all.(found by VirusShield, for other files quarantined by FULLSCAN, it didnt)-RESTORE AND DELETE sometimes stop working for unknown reasons(after fresh windows start, it works again, well partially at least)-after restarting Bitdefender or resuming Laptop from standby: GUI says "Trying to login..." forever, after fresh win restart :"Logged in" properly-No popup message or warning if something has been found!?! -sleek engine but sluggish GUI-No security prompt, when you exit BDF-Fullscan didn't work directly afer BDF install->restart-excluding drives is weird or not implemented/working properly-missing Info: if you hover over the word "quarantine" in "Threat controll", the virus name is shown, and you can see progress of scans etc. by the surrounding "colour" in GUI. This isn't really obvious.-proccess self-protection...Please keep developing this software, its a bit embarrasing for your fine company. Otherwise its like neat and highly sophisticated code, rotting in a halfdead corpse.SYSTEM : win xp 32 (dual+win7 x64) BDF 1.0.21.1099 +Comodo+EMET +on demand scanners(all disabled for testing purposes) and YES i suppose, the system is clean, the quarantined files already were marked,zipped or isolated.Maybe i should post this in a new thread...I haven't been able to test this since I have yet to have anything get quarantined on any of the 3

Machines BD free is installed on. On one machine, 2 websites have been blocked but that's it. I tested with eicar and they are all working. 0 ......Can't restore or delete files after i did a Full scan. " />" />......the quarantined files already were marked,zipped or isolated.As far as I know Bitdefender Antivirus Free Edition cannot quarantine files within archive files (compressed file systems). The quarantine mechanism simply adds the extension .######.gzquar to the malware file (where ###### stands for some digits) and the file access is blocked by Bitdefender Antivirus Free Edition's service. This cannot be done within a compressed file. I think malware detected within an archive is deleted to clean the container and files deleted from an archive cannot be recovered. 0 -proccess self-protectionAdditionally, what do you mean by process self protection? 0 Thanks for your input! First of all i'd like to share my solution. Well it is not. But its a simple workaround at least. GUI still remain heavily bugged in my case.SOLUTION FOR Restore From Quarantine Does Not Work1-RESTART IN SAFEMODE2-RENAME FALSE POSITIVES (delete ".gzquar")3-OR ZIP IT (if you want to be sure, use PW:"virus" e.g., so even Fullscan wont be able to detect)4-RESTART NORMAL AND MARK FILE/CLICK ONCE(only 1x, dont exec!!!)->BDF WILL DETECT5-NOW GUI WORKS: RESTORE ("EXCLUDE") IF YOU WISH6-BEWARE ENTRIES CAN GET BUGGED AGAIN SO UN-EXCLUDE ("BLOCK") MIGHT NOT WORK LATER! (so you have repeat proccedure)MY CONCLUSIONS:-GUI easily gets bugged, delete and VS (as well as the service)still works -GUI gets bugged... ...completely after exiting gui:-then restore AND delete does not work.-also VShield doesnt show recent scans anymore-NOT logged in-"right click" on demand scan fails...partially after standyby:-delete works, restore doesnt (even eicar, which is ALWAYS restoreable after fresh win start!)-VShield not updated-"logged in"-rest seems to work@graciliano: your right, BDF adds .gzquar extension and locks access, but files within archives are not deleted automatically! Or did you mean the "delete" functionallity in gui? I guess the whole archive is deleted then.@darge:to be honest, i only read that - maybe its fixed or obsolete...But as far i tested, the proccess or service is not killable in taskmanager, nor the service type can be stopped or altered, not even deactivated for next restart (so the only way was safemode or uninstall ;-)) Also exiting the GUI doesnt deactivate defense, as stated in the manual.What systems do you use? I didnt dare to try in win7x64 yet. My thought was this might exhibit only in outdated XP...? might be wishful thinking ,too ;-DOther thoughts, my experience & reports & Bugs etc. -some interesting stuff in here...Logging in...still being logged in without inet connection(red X in tray connection)with deactivated hardware/device manager):"Can't connect..." loggout-> x days left?