BrettW, posted December 22, 2009
Hi everyone. I am making a program that blocks certain processes and I don't want my process to be terminated. Anyone got any ideas on how to do this??? Is it done in VB code or not? Thanks in advance.

PlausiblyDamp (Administrators), posted December 26, 2009
If someone has sufficient permissions then there is no real way to prevent a person from killing an application. Certain utilities like Task Manager will themselves prevent you from killing certain system processes, but this is a feature of Task Manager itself; if you were to use an alternate tool like pskill or Process Explorer then you can kill anything (including stuff like winlogon) and as such you will suffer the consequences. The easiest way to prevent a person from terminating a process is to make sure they are not running as an administrator on the system in question.
Intellectuals solve problems; geniuses prevent them. -- Albert Einstein

BrettW (Author), posted December 27, 2009
Hi, I am an administrator on my PC and there is an anti-virus program that I cannot terminate from Task Manager. There must be a way to do this!?!??!?

PlausiblyDamp (Administrators), posted December 27, 2009
Which AV product is it?

snarfblam (Leaders), posted December 27, 2009
And what is happening when you try to kill it? Do you get a message box? Or does the process just not disappear? There are some background processes which use a "guardian process" (or the program's front-end) that will restart the background process immediately after it is terminated, such as certain viruses, Google Updater, or zunebusenum for Microsoft's Zune.

I personally find this behavior to be completely unacceptable under any situation on a personal computer at any time ever. If a user tries to terminate a process, it must end. Who's in charge of who? It might seem benign in certain cases, but it undermines a user's authority over his own machine. I will go to any length to stop a process that I don't want running.

It might seem appropriate to ensure that certain processes are running, say, on an employee's computer, but I completely disagree. If there is a process that must be running on an employee's computer, the process should phone home so that the main office knows that it is running, and it should have an obvious presence on the computer. If you need to outsmart employees, you're in a worse situation than you realize.

So who is going to be using your software?

BrettW (Author), posted December 28, 2009
The AV program is Avira AntiVir Personal - Free Antivirus. You can choose in the options to prevent the processes from being killed. In Task Manager it comes up with a message box saying: The operation could not be completed. Access is denied. It is not on an employee's PC, it is on my own PC. I just don't want other people running unauthorised programs.

PlausiblyDamp (Administrators), posted December 28, 2009
Just tried that on my PC and I couldn't see an option to prevent the process being killed (only one to prevent a scan being stopped from the scanning dialog). Killing the avguard.exe process from Task Manager, however, works with no access denied message; however, the process is restarted (PID changes), presumably by one of the other running AntiVir processes.

BrettW (Author), posted December 29, 2009
Hi PlausiblyDamp. To get to the option to stop processes from being killed:
Go into the main Avira form (double-click the system tray icon)
Click 'Configuration'
Expand General
Click Security
The checkbox should be in there.
By the way, what OS are you using??? (I'm using XP Pro SP2) Also what version of Avira (Mine is 9.0.0.418) ?!?

PlausiblyDamp (Administrators), posted December 29, 2009
I'm running Windows 7 x64 and version 9.0.0.418 and I can't see the option there.

BrettW (Author), posted December 29, 2009
Maybe Win Vista/7 doesn't have "access denied" in Task Manager.

PlausiblyDamp (Administrators), posted December 29, 2009
Is the task killable using a 3rd party tool like Process Explorer though?

BrettW (Author), posted December 30, 2009
No it isn't! It says: Error opening process - Access is denied

snarfblam (Leaders), posted December 30, 2009
Just curious, what user is the process running under? Maybe there is something about the process that you can see in ProcExp that can explain why you can't terminate it.

BrettW (Author), posted December 31, 2009
Hello. "avguard.exe" is running under "NT AUTHORITY\SYSTEM". "avgnt.exe" is running under my username. But both aren't terminatable, so it can't be to do with the username. Its parent is services.exe so I suppose it is a service.

snarfblam (Leaders), posted December 31, 2009
Maybe check the security tab on the process properties for the two processes (in Process Explorer) and see if it is a permissions issue?

BrettW (Author), posted January 1, 2010
It has a terminate option (allow or deny) but it does nothing. I have full control over the process but can't kill it.

PlausiblyDamp (Administrators), posted June 27, 2011
The application could be doing something at a lower level to prevent itself being killed off; typically an AV product will attempt to prevent itself being terminated to prevent a virus from doing the same. Is there a reason you can't shut these executables down using a supported mechanism?

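Added example, not part of any post in this thread: the "terminate (allow or deny)" entry on Process Explorer's Security tab corresponds to the PROCESS_TERMINATE right in the process's DACL, and this Python sketch evaluates that right the way an ordered access check does. The two SDDL strings are constructed samples, the function names are hypothetical, the caller's token is modelled as a set of SDDL aliases (SY, BA, IU), and only hex masks and GA are handled.

```python
import re

PROCESS_TERMINATE = 0x0001      # right a tool needs on the handle it opens to kill a process
PROCESS_ALL_ACCESS = 0x1FFFFF   # what "GA" is assumed to map to for a process object
ACE_RE = re.compile(r"\(([^)]*)\)")

# Constructed sample descriptors (not taken from any real product).
SERVICE_DACL = "O:SYG:SYD:(A;;0x1fffff;;;SY)(A;;0x1fffff;;;BA)(A;;0x1410;;;IU)"
HARDENED_DACL = "O:SYG:SYD:(D;;0x0001;;;BA)(A;;0x1fffff;;;SY)(A;;0x1fffff;;;BA)"


def parse_dacl(sddl):
    """Return the DACL of an SDDL string as ordered (is_allow, mask, trustee) tuples."""
    dacl = sddl.partition("D:")[2].partition("S:")[0]   # drop owner/group and any SACL
    aces = []
    for body in ACE_RE.findall(dacl):
        ace_type, _flags, rights, _obj, _inh, trustee = body.split(";")[:6]
        if ace_type not in ("A", "D"):
            continue                                    # skip object and callback ACEs
        mask = PROCESS_ALL_ACCESS if rights == "GA" else int(rights, 16)
        aces.append((ace_type == "A", mask, trustee))
    return aces


def can_terminate(sddl, token_sids):
    """Walk the ACEs in order and decide whether PROCESS_TERMINATE is granted."""
    remaining = PROCESS_TERMINATE
    for is_allow, mask, trustee in parse_dacl(sddl):
        if trustee not in token_sids:
            continue
        if not is_allow and mask & remaining:
            return False                 # a matching deny ACE reached first wins
        if is_allow:
            remaining &= ~mask
        if remaining == 0:
            return True
    return False                         # right never granted: implicit deny


if __name__ == "__main__":
    for name, sddl in (("service", SERVICE_DACL), ("hardened", HARDENED_DACL)):
        for token in ({"IU"}, {"BA", "IU"}, {"SY"}):
            print(name, sorted(token), can_terminate(sddl, token))
```

The DACL is only the layer that the Security tab shows: an administrator who enables SeDebugPrivilege can open a process regardless of a deny entry, which is consistent with the first reply's advice to keep users off administrator accounts.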