kprocesshackers.sys blocked by Avast Self-defence

[REDACTED]

Hi.
It has been since few days that Avast start stopping kprocesshacker.sys (Process Hacker): it has never done before. I scanned the file and everything it's ok. Is there any way to exclude kprocesshacker.sys from Avast Self-defence check?
Thanks!

[Eddy]

avast self defense is not blocking it, nor is avast flagging the file.

[REDACTED]

avast self defense is not blocking it, nor is avast flagging the file.

...the last Avast pop-up says so.

[Eddy]

Please post a screenshot of it.

avast self defense (hence the name), is protecting avast folders/files, not third party folders/files.

[REDACTED]

Thanks.
Here it is (in italian).

[Eddy]

Ah, that is not the avast self defense.
I guess you made a mistake by translating it to English.
No worries, it can happen.

It says that avast has automatically blocked the application.
I just tested it here and on my system avast doesn't block it.

Check the avast log files and see if one of them tells you why it was blocked.

[REDACTED]

Hi.
When I open Process Hacker
the only one Avast log that updates is UITracking; inside:
Wed Apr 13 15:55:17 2016 - /popup/DoToaster
Wed Apr 13 15:55:20 2016 - [IDR_HTM_TASKBAR_POPUP] {button} close
Wed Apr 13 15:56:01 2016 - /popup/DoToaster
Wed Apr 13 15:56:21 2016 - [IDR_HTM_TASKBAR_POPUP] {button} close
Wed Apr 13 15:57:58 2016 - /popup/DoToaster

[Eddy]

I think it is best to have avast take a look at it.
Please submit a ticket.
http://support.avast.com

[REDACTED]

Thanks for your time.

By the way: is there anyway to read logs by Avast without opening the files on Windows? And... where is the virus basket in the new versions?

Thanks again,
bye

[Eddy]

is there anyway to read logs by Avast without opening the files on Windows?

No, you need to navigate to a log file and open it in a text editor/-viewer.

For the chest > https://www.avast.com/faq.php?article=AVKB21

Edit:
I tested something and it can be that avast is alerting for a process that is accessed by process hacker.
Please attach the Farbar scan logs to your next post. (FRST.txt and Addition.txt)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

[REDACTED]

is there anyway to read logs by Avast without opening the files on Windows?

No, you need to navigate to a log file and open it in a text editor/-viewer.

For most files it denies me access.

[REDACTED]

Anyway Process Hacker still succeeds to launch and run.
On my Windows XP netbook, it doesn't give the same issue... Well, issue: popup Only on my Win10 desktop and Win10 notebook.

[REDACTED]

I have ProcessHacker set as my default "Task Manager". When I start ProcessHacker by invoking "Start Task Manager" from the TaksBar, Avast blocks ProcessHacker from loading KProcessHacker.sys: the exact message that Avast displays is:

Blocked by Avast self-defense: kprocesshacker.sys (C:\Program Files\Process Hacker 2\ProcessHacker.exe)

I have attempted to put in an exception for ProcessHacker.exe, but it does nothing.  ProcessHacker.exe loads and runs of course, but it does not have the functionality afforded by using the kProcessHacker.sys driver.

A few details: this is on a 32-bit Windows 7 box, just built cleanly today, so nothing on it yet but the OS, Avast, Komodo FW and MS Office.

[Eddy]

It looks like avast is protecting the task manager in certain Window versions.
Only avast can tell if it does.

I suggest to submit a ticket and let avast have a look at it/answer things.

[REDACTED]

Here is the posting from the process hacker website forum -

https://wj32.org/processhacker/forums/viewtopic.php?t=2060