Page 1 of 1

Not reading data and incompatibility with AVAST

Posted: 03 Aug 2017 12:22
by l0rdraiden
Using 3.0.855 and the latest stable release the column called Disk write bytes only provides data for "System" process, all the other processes are black.
Why? How can I fix it?

Another issue is that when I run it with admin privileges I get an alert from Avast saying that it has it stopped something from process hacker because of the self protection module.
Another error I get when I don't disable avast self protection is this:
Unable lo load kernel driver. A device which doesn't exist was specified

Re: Not reading data and incompatibility with AVAST

Posted: 04 Aug 2017 00:09
by dmex
Using 3.0.855 and the latest stable release the column called Disk write bytes only provides data for "System" process, all the other processes are black.
Why? How can I fix it?
Not sure. Have you tried rebooting or manually resetting the etw provider?

1) Exit Process Hacker
1) Open Computer Management
2) Select the Performance > Data Collector Sets > Event Trace Sessions
http://i.imgur.com/bAO4wFa.png

3) Locate the following entries:
PhEtKernelLogger
PhEtRundownLogger
4) Right-click both entries and select "Stop" then right-click again and select "Delete"
5) Restart Process Hacker.

Let me know if this fixes the issue :thumbup:
Another error I get when I don't disable avast self protection is this:
Unable lo load kernel driver. A device which doesn't exist was specified
The kernel driver is a critical security component required to support a number of Process Hacker features including process information, detecting malware and even removing rootkits... Previous versions of Process Hacker never warned the user when the driver failed to initialize and malicious software exploited the lack of error messages to secretly block and interfere with our kernel driver.

Avast has been blocking our kernel driver for several months and refuses to discuss the issue with the development team... All future versions will now show various error messages when something blocks or interferes with our kernel driver and in your case Avast blocked our driver resulting in the error dialog.

You can change the EnableKphWarnings setting in the settings file if you don't want to see these warning dialogs but I highly recommend leaving them enabled for increased security and taking up the issue with the developers responsible for interfering with our driver.

Re: Not reading data and incompatibility with AVAST

Posted: 04 Aug 2017 08:48
by l0rdraiden
I didn't have these entries in "Event Trace Sessions"
PhEtKernelLogger
PhEtRundownLogger
I have tried to reinstall PH with avast disabled and now I have the entries but I still have the same issue.

Then I have followed your instructions of stop/delete still doesn't work and only PhEtKernelLogger has reappeared in "Event Trace Sessions" and PhEtRundownLogger is missing

Re: Not reading data and incompatibility with AVAST

Posted: 04 Aug 2017 09:01
by dmex
Then I have followed your instructions of stop/delete still doesn't work and only PhEtKernelLogger has reappeared in "Event Trace Sessions" and PhEtRundownLogger is missing
PhEtRundownLogger is only created when you select the disk tab and its not an issue if it's missing (unless you need the disk tab). If you select the disk tab do you see any disk activity?
I still have the same issue.
Have you tried rebooting?

Re: Not reading data and incompatibility with AVAST

Posted: 04 Aug 2017 13:46
by l0rdraiden
Yes I have rebooted the computer and the Disk tab has been always blank even running PH with admin rights

Re: Not reading data and incompatibility with AVAST

Posted: 04 Aug 2017 14:14
by dmex
Yes I have rebooted the computer and the Disk tab has been always blank even running PH with admin rights
Try running
resmon.exe
(Start menu > Run) and check the disk tab for any activity:
http://i.imgur.com/LnmDM7z.png

Process Hacker uses the exact same etw session as resmon to show disk activity and it's a good way to check if it's just a Process Hacker issue or a Windows issue and what the cause might be.

Re: Not reading data and incompatibility with AVAST

Posted: 04 Aug 2017 16:01
by l0rdraiden
That works fine I can see the data (B/sec), maybe I have something weird in my system.

Re: Not reading data and incompatibility with AVAST

Posted: 05 Aug 2017 08:51
by l0rdraiden
Yes I have rebooted the computer and the Disk tab has been always blank even running PH with admin rights
Try running
resmon.exe
(Start menu > Run) and check the disk tab for any activity:
http://i.imgur.com/LnmDM7z.png

Process Hacker uses the exact same etw session as resmon to show disk activity and it's a good way to check if it's just a Process Hacker issue or a Windows issue and what the cause might be.
http://imgur.com/a/vUagY

It looks like it only takes data from windows processes