Process Hacker and Windows discussion

 
DirtyWhiteHat

Webroot detects and removes Process Hacker

26 Jun 2019 16:01

I wrote to Webroot Support to tell them that Process Hacker is safe and this is a false positive detection. Here is the official response I received from support:
Support wrote:
> Hello,
>
> We understand ProcessHacker and we have used it ourselves in the past. The risk comes with actors using the program to shut down security services.
>
> We're going to leave the determination because it is too easy and too common for third parties to use the tool in order to remove security software when they shouldn't. We encounter many cases where ransomware is dropped through compromised RDP. When someone gains physical access to a machine, they can use tools like ProcessHacker to shut down security software despite an administrator policy disallowing it.
>
> You can locally allow this process if you trust it on your system. We understand it is a legitimate tool, but it is often exploited and used in illegitimate ways.
>
> Please let us know if you have any questions or new information regarding this case.
>
> Regards,
>
> Webroot Advanced Malware Removal Team

What this tells me is that Process Hacker can be used to kill Webroot itself and so they are scared of it.
 
dmex
Admin

Re: Webroot detects and removes Process Hacker

07 Jul 2019 13:41

> We're going to leave the determination because it is too easy and too common for third parties to use the tool in order to remove security software when they shouldn't.

Process Hacker does not have the capability to remove security software.

> We encounter many cases where ransomware is dropped through compromised RDP. When someone gains physical access to a machine, they can use tools like ProcessHacker to shut down security software despite an administrator policy disallowing it.

Why haven't Webroot reported these security issues to the development team?

> despite an administrator policy disallowing it.

Process Hacker does not bypass administrative policies. The entire project is open-source and you can review the source code and verify this yourself: https://github.com/processhacker/

> We understand it is a legitimate tool, but it is often exploited and used in illegitimate ways.

How can Process Hacker be "used in illegitimate ways" while also claiming it's "a legitimate tool"? :?

Again, why have Webroot not reported these so-called issues to the development team??
 
Ashen

Re: Webroot detects and removes Process Hacker

08 Dec 2019 09:25

Well, guess I won't be using Webroot software anymore. I use Process Hacker to actually track down apps Windows Task Manager doesn't even display, but can't have that, gotta block it... good move. *uninstalls all Webroot software*