Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on April 12, 2016, 08:57:38 PM

Title: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on April 12, 2016, 08:57:38 PM
Hi.
For the past few days, Avast has started stopping kprocesshacker.sys (Process Hacker): it has never done this before. I scanned the file and everything is OK. Is there any way to exclude kprocesshacker.sys from the Avast Self-defence check?
Thanks!
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: Eddy on April 12, 2016, 09:38:40 PM
avast self defense is not blocking it, nor is avast flagging the file.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on April 12, 2016, 11:27:40 PM
Quote
avast self defense is not blocking it, nor is avast flagging the file.

...the last Avast pop-up says so.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: Eddy on April 12, 2016, 11:32:46 PM
Please post a screenshot of it.

avast self defense (hence the name), is protecting avast folders/files, not third party folders/files.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on April 13, 2016, 03:05:58 PM
Thanks.
Here it is (in Italian).
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: Eddy on April 13, 2016, 03:35:28 PM
Ah, that is not the avast self defense.
I guess you made a mistake by translating it to English.
No worries, it can happen.

It says that avast has automatically blocked the application.
I just tested it here and on my system avast doesn't block it.

Check the avast log files and see if one of them tells you why it was blocked.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on April 13, 2016, 04:01:07 PM
Hi.
When I open Process Hacker, the only Avast log that updates is UITracking; inside:
Wed Apr 13 15:55:17 2016 - /popup/DoToaster
Wed Apr 13 15:55:20 2016 - [IDR_HTM_TASKBAR_POPUP] {button} close
Wed Apr 13 15:56:01 2016 - /popup/DoToaster
Wed Apr 13 15:56:21 2016 - [IDR_HTM_TASKBAR_POPUP] {button} close
Wed Apr 13 15:57:58 2016 - /popup/DoToaster
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: Eddy on April 13, 2016, 04:08:58 PM
I think it is best to have avast take a look at it.
Please submit a ticket.
http://support.avast.com
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on April 13, 2016, 04:16:32 PM
Thanks for your time.

By the way: is there any way to read logs by Avast without opening the files on Windows? And... where is the virus basket in the new versions?

Thanks again,
bye
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: Eddy on April 13, 2016, 04:20:32 PM
Quote
is there any way to read logs by Avast without opening the files on Windows?
No, you need to navigate to a log file and open it in a text editor/viewer.

For the chest > https://www.avast.com/faq.php?article=AVKB21

Edit:
I tested something and it can be that avast is alerting for a process that is accessed by process hacker.
Please attach the Farbar scan logs to your next post. (FRST.txt and Addition.txt)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on April 13, 2016, 04:38:50 PM
Quote
is there any way to read logs by Avast without opening the files on Windows?
No, you need to navigate to a log file and open it in a text editor/viewer.

For most files it denies me access.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on April 13, 2016, 04:45:54 PM
Anyway, Process Hacker still manages to launch and run.
On my Windows XP netbook, it doesn't give the same issue... Well, issue: popup :D Only on my Win10 desktop and Win10 notebook.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on April 17, 2016, 07:22:07 AM
I have ProcessHacker set as my default "Task Manager". When I start ProcessHacker by invoking "Start Task Manager" from the Taskbar, Avast blocks ProcessHacker from loading KProcessHacker.sys: the exact message that Avast displays is:

Blocked by Avast self-defense: kprocesshacker.sys (C:\Program Files\Process Hacker 2\ProcessHacker.exe)

I have attempted to put in an exception for ProcessHacker.exe, but it does nothing.  ProcessHacker.exe loads and runs of course, but it does not have the functionality afforded by using the kProcessHacker.sys driver.

A few details: this is on a 32-bit Windows 7 box, just built cleanly today, so nothing on it yet but the OS, Avast, Komodo FW and MS Office.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: Eddy on April 17, 2016, 01:35:44 PM
It looks like avast is protecting the task manager in certain Windows versions.
Only avast can tell if it does.

I suggest submitting a ticket and letting avast have a look at it/answer things.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on June 01, 2016, 09:44:38 PM
Here is the posting from the process hacker website forum -

https://wj32.org/processhacker/forums/viewtopic.php?t=2060
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: Eddy on June 01, 2016, 10:41:05 PM
A few things I noted when reading that thread.
User wj32:
Quote
I recommend using no anti-virus program.
Have a look in the "viruses and worms" forum here and it is clear it is a really bad idea not to use an anti-malware tool.
Guess he never heard about viruses, worms, trojans, ransomware etc.
Quote
I would never recommend Avast to anyone anyway, so I don't really care.
If an application that I created was blocked, I sure would care and try to solve it.
In fact an application of mine was blocked by avast and some others.
I contacted them and they all solved the problem.

viksoftru :
Quote
Unfortunately, the developers of "anti-virus" like AVAST, Avira and some like them artificially inflate their AV databases including their arbitrary programs, certainly not to recognize the fact of false detective.
I wonder why av's detect something falsely and after it being reported they don't anymore.
Oh wait, I know it.
Aliens do exist ;D

I do not see a post there from someone who is using the latest avast version.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on August 27, 2016, 07:28:33 AM
I'd rather not have Avast's 'Self-Defense module' disabled, but after a blue screen crash of my system, while other work was in progress... well, I've certainly disabled it now but I'm also contemplating an alternative AV to try.

Either truly whitelist the 'kprocesshacker.sys' file, globally, or allow user determined functionality to determine their system. I certainly don't want an anti virus program dictating the terms of my PC by throwing spasms and destroying data itself, especially on a false positive! And then in time get stomped by a REAL virus.

Give me back my PC AVAST! or eventually get blocked and uninstalled yourself.
Title: Re: kprocesshackers.sys blocked by Avast Self-defence
Post by: REDACTED on September 07, 2016, 03:44:17 AM
:) The file "kprocesshackers.sys" was no longer blocked after disabling Avast's 'Self-Defense module', so then you could run the program without error after disabling that attribute.

:o However, just recently it's found that now you can no longer run ProcessHacker.exe freely again, and not only that but now you cannot run ANY program with privileged/administrator access! That is ANY PROGRAM will not run as Administrator! An 'OK' error box states "the extended attributes are inconsistent".

??? So this problem has now become progressive, suddenly, somehow! So, there remains no other choice for the user BUT to disable Avast Shields for 10mins or so... not only to just complete a simple task but now they also risk their system from suddenly or violently crashing with the infamous blue screen of WTF!

:-X So shopping an alternative AV now after 10+ years, not because of a missed virus infection, and not only because of this AV taking full control of a PC and dictating the terms of production and work... but because you're simply forced to now comply with these unpredictable standards of an ever contradicting industry of alleged 'safe', 'secure', 'free', 'technology'.

:P My time is certainly not 'free', my 'identity' and 'privacy'... certainly not free. Certainly nothing is secure with this dictatorship, and with this type of technology obviously we're at great odds.

8) Maybe there's a smarter competitor out there for windows OS, one that has a little more sense than this circus of dictating clowns! Or maybe even better? Of course, I always knew this was a simple case and just a matter of time to shift away further from the generation-circus of clowns. But maybe it's time to go commando about this too, as stated earlier.