We're going to leave the determination because it its too easy and too common for third parties to use the tool in order to remove security software when they shouldn't.
Process Hacker does not have the capability to remove security software.
We encounter many cases where ransomware is dropped through compromised RDP. When someone gains physical access to a machine, they can use tools like ProcessHacker to shut down security software despite an administrator policy disallowing it.
Why haven't Webroot reported these security issues to the development team?
despite an administrator policy disallowing it.
Process Hacker does not bypass administrative policies. The entire project is open-source and you can review the source code and verify this yourself: https://github.com/processhacker/
We understand it is a legitimate tool, but it is often exploited and used in illegitimate ways.
How can Process Hacker be "used in illegitimate ways" while also claiming its "a legitimate tool"?
Again, why have Webroot not reported these so called issues to the development team??