Make my process 'access denied' when terminated

BrettW (Freshman, joined Nov 12, 2009, 35 messages)

Hi everyone.

I am making a program that blocks certain processes and I don't want my process to be terminated. Anyone got any ideas on how to do this? Is it done in VB code or not?

Thanks in advance.
 
If someone has sufficient permissions, then there is no real way to prevent a person from killing an application. Certain utilities like Task Manager will themselves prevent you from killing certain system processes, but this is a feature of Task Manager itself; if you were to use an alternate tool like pskill or Process Explorer, then you can kill anything (including stuff like winlogon), and as such you will suffer the consequences.

The easiest way to prevent a person from terminating a process is to make sure they are not running as an administrator on the system in question.
 
Hi

I am an administrator on my PC and there is an anti-virus program that I cannot terminate from Task Manager. There must be a way to do this!?
 
And what is happening when you try to kill it? Do you get a message box? Or does the process just not disappear?

There are some background processes which use a "guardian process" (or the program's front-end) that will restart the background process immediately after it is terminated, such as certain viruses, Google Updater, or zunebusenum for Microsoft's Zune. I personally find this behavior to be completely unacceptable under any situation on a personal computer at any time ever. If a user tries to terminate a process, it must end. Who's in charge of who?

It might seem benign in certain cases, but it undermines a user's authority over his own machine. I will go to any length to stop a process that I don't want running.

It might seem appropriate to ensure that certain processes are running, say, on an employee's computer, but I completely disagree. If there is a process that must be running on an employee's computer, the process should phone home so that the main office knows that it is running, and it should have an obvious presence on the computer. If you need to outsmart employees, you're in a worse situation than you realize.

So who is going to be using your software?
 
The AV program is Avira AntiVir Personal - Free Antivirus.
You can choose in the options to prevent the processes from being killed.
In Task Manager, a message box comes up saying:

The operation could not be completed.
Access is denied.

It is not on an employee's PC, it is on my own PC. I just don't want other people running unauthorised programs.
 
Just tried that on my PC and I couldn't see an option to prevent the process being killed (only one to prevent a scan being stopped from the scanning dialog).

Killing the avguard.exe process from Task Manager works with no access denied message; however, the process is restarted (PID changes), presumably by one of the other running AntiVir processes.
 
Hi PlausiblyDamp.

To get to the option to stop processes from being killed:
Go into the main Avira form (double-click the system tray icon)
Click 'Configuration'
Expand General
Click Security
The checkbox should be in there.

By the way, what OS are you using? (I'm using XP Pro SP2)
Also, what version of Avira? (Mine is 9.0.0.418)

?!?
 
Just curious, what user is the process running under? Maybe there is something about the process that you can see in ProcExp that can explain why you can't terminate it.
 
Hello.

"avguard.exe" is running under "NT AUTHORITY\SYSTEM".
"avgnt.exe" is running under my username.
But both aren't terminatable, so it can't be to do with the username.

Its parent is services.exe, so I suppose it is a service.
 
Maybe check the security tab on the process properties for the two processes (in process explorer) and see if it is a permissions issue?
 
It has a terminate option (allow or deny), but it does nothing.

I have full control over the process but can't kill it.
 
The application could be doing something at a lower level to prevent itself being killed off; typically an AV product will attempt to prevent itself being terminated to prevent a virus from doing the same.

Is there a reason you can't shut these executables down using a supported mechanism?
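
The thread describes two different outcomes: Task Manager reporting "Access is denied", and a kill that succeeds but is followed by a restart under a new PID. The VB.NET probe below is an added example, not code from any poster in this thread; it asks Windows whether the current user is granted the terminate right on a named process, without terminating anything. The module and function names are hypothetical; `OpenProcess` and `CloseHandle` are the standard kernel32 calls.

```vbnet
Imports System
Imports System.ComponentModel
Imports System.Diagnostics
Imports System.Runtime.InteropServices

Module TerminateAccessProbe
    ' Access-right and error constants from the Windows SDK headers.
    Const PROCESS_TERMINATE As UInteger = &H1UI
    Const PROCESS_QUERY_INFORMATION As UInteger = &H400UI
    Const ERROR_ACCESS_DENIED As Integer = 5

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Function OpenProcess(access As UInteger, inherit As Boolean, pid As Integer) As IntPtr
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Function CloseHandle(handle As IntPtr) As Boolean
    End Function

    ' Returns 0 if a handle with the requested right was granted,
    ' otherwise the Win32 error code. The handle is closed immediately;
    ' the target process is never modified.
    Function ProbeAccess(pid As Integer, access As UInteger) As Integer
        Dim h As IntPtr = OpenProcess(access, False, pid)
        If h = IntPtr.Zero Then Return Marshal.GetLastWin32Error()
        CloseHandle(h)
        Return 0
    End Function

    Function Describe(code As Integer) As String
        If code = 0 Then Return "granted"
        If code = ERROR_ACCESS_DENIED Then Return "Access is denied (5)"
        Return String.Format("{0} ({1})", New Win32Exception(code).Message, code)
    End Function

    Sub Main(args As String())
        ' Process names come from the command line, without ".exe".
        For Each name As String In args
            For Each p As Process In Process.GetProcessesByName(name)
                Console.WriteLine("{0} (PID {1}, session {2})", p.ProcessName, p.Id, p.SessionId)
                Console.WriteLine("  PROCESS_QUERY_INFORMATION: " & _
                    Describe(ProbeAccess(p.Id, PROCESS_QUERY_INFORMATION)))
                Console.WriteLine("  PROCESS_TERMINATE:         " & _
                    Describe(ProbeAccess(p.Id, PROCESS_TERMINATE)))
            Next
        Next
    End Sub
End Module
```

If `PROCESS_TERMINATE` is reported as granted but the process keeps coming back, compare the PID between runs: a changed PID points to a restart by another process or the service manager rather than to a denied request.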
 
 