Process Hacker and Windows discussion

 
Patrick

Process Hacker keeps getting deleted/uninstalled?

07 Dec 2019 01:47

Hello all.

I prefer to use Process Hacker because it's 10x better than normal Win10 Task Manager (as is obvious).

For some reason, a while after every fresh install of Process Hacker, when I right-click on the taskbar and click taskmanager, I get the default Win10 task manager instead of Process Hacker.

Is there any bug or known issue causing this? Is there something else I should be looking for?

Please help, thank you.
 
JohnTitor
Member
Posts: 5
Joined: 28 Sep 2018 01:38
OS: Windows 10 x64, Ubuntu 18.04

Re: Process Hacker keeps getting deleted/uninstalled?

07 Dec 2019 18:42

Are you running any AV Programmes by any chance?
 
Patrick

Re: Process Hacker keeps getting deleted/uninstalled?

10 Dec 2019 03:03

No, I am not running any AV software that should be deleting Process Hacker.
 
HighGuard
Member
Posts: 3
Joined: 04 Dec 2019 12:12
Location: UK

Re: Process Hacker keeps getting deleted/uninstalled?

10 Dec 2019 14:44

No, I am not running any AV software that should be deleting Process Hacker.
That's not really answering the question. It suggests you are using anti-virus software but you believe it should not be deleting PH2.

If you're using MS Defender or MSE ie. MS's own AV tools, then either one is very likely what is causing the trouble described. The MS/Windows monthly updates always include a malicious software removal tool and I would not be surprised if using that is going exacerbate the problem and may already have done so.

There is at least one thread here about this matter but it is being reported elsewhere; MS, and only, MS have declared PH2 to be a "high threat" hacking tool.

If you are using Defender's or MSE's default settings then there is a good chance some of PH2 files, including the main .exe have been quarantined or even removed.

https://confidentialfiles.wordpress.com ... s-malware/

It is likely this will spread to other AV's as there are bound to be lazy or twitchy administrators who'll start including it in their definitions updates simply because it is being reported by MS as a problem and it will spiral from there.
 
Patrick

Re: Process Hacker keeps getting deleted/uninstalled?

14 Dec 2019 23:24

No, I am not running any AV software that should be deleting Process Hacker.
That's not really answering the question. It suggests you are using anti-virus software but you believe it should not be deleting PH2.

If you're using MS Defender or MSE ie. MS's own AV tools, then either one is very likely what is causing the trouble described. The MS/Windows monthly updates always include a malicious software removal tool and I would not be surprised if using that is going exacerbate the problem and may already have done so.

There is at least one thread here about this matter but it is being reported elsewhere; MS, and only, MS have declared PH2 to be a "high threat" hacking tool.

If you are using Defender's or MSE's default settings then there is a good chance some of PH2 files, including the main .exe have been quarantined or even removed.

https://confidentialfiles.wordpress.com ... s-malware/

It is likely this will spread to other AV's as there are bound to be lazy or twitchy administrators who'll start including it in their definitions updates simply because it is being reported by MS as a problem and it will spiral from there.
Let me elaborate then:

I am not running any AV software, period. I have disabled windows defender by changing admin settings, so 'Real-Time' protection is permanently disabled.

I am also not running any other AV software (e.g. Norton, Malwarebytes, ect..)
Currently going to try and add an exclusion to the install folder and the actual executable and see if that changes anything. If it does, then I guess Microsoft *really* doesn't like Process Hacker.
 
Clu
Member
Posts: 4
Joined: 21 Dec 2019 02:55

Re: Process Hacker keeps getting deleted/uninstalled?

21 Dec 2019 03:49

I have disabled windows defender by changing admin settings, so 'Real-Time' protection is permanently disabled.
But did you disable the scheduled scan in Task Scheduler?

[ For general reference ]

Four Methods to Disable Windows Defender
https://techloris.com/how-to-disable-windows-defender/

How to Turn On or Off Periodic Scanning
https://www.tenforums.com/tutorials/515 ... -10-a.html

How to Turn Off Windows Defender Real-time Protection
https://www.tenforums.com/tutorials/356 ... -10-a.html

Process Hacker was declared malware by Microsoft and is currently removed from your machine automatically by Microsoft Defender as a "high risk" threat. viewtopic.php?f=1&p=11304&sid=46cfe247e ... 121#p11304
While this did happen to me around the time of your post, I was able to revert that action, and I am not currently experiencing this detection issue with the nightly builds.
it's expected Microsoft will remove the project source repository from Github.
I really doubt this, since Github employees are not likely to be the sort of mindless drones that you find at Microsoft. (At least until Microsoft replaces them with unskilled people who will accept 90% lower wages, like it did everywhere else.) I think this problem exists entirely within the malware detection department, which has no direct authority over Github. Microsoft long ago passed the point where it became too large and bureaucratic to manage.

ps. I dont understand why I cannot use the quote tool on your post, or discuss this subject in the thread where it was posted. I would also like to know if anyone else is seeing style sheet errors on sourceforge.net.
 
User avatar
dmex
Admin
Posts: 1555
Joined: 17 Jan 2011 05:43
Location: Australia

Re: Process Hacker keeps getting deleted/uninstalled?

21 Dec 2019 06:22

I am not currently experiencing this detection issue with the nightly builds.
Microsoft never included the nightly builds (or even v2.38 and earlier releases) of Process Hacker in their "Win64\ProcHack" signatures - just the latest stable release v2.39 - even though the nightly builds have the exact same code as v2.39. The signatures were also blocking downloads from wj32.org but changing the download URL to use the Appveyor build server and SourceForge fixed that.
I really doubt this, since Github employees are not likely to be the sort of mindless drones that you find at Microsoft.
Github would be required to remove the project if there was a complaint. Github is a Microsoft product and Microsoft are stating our project is malicious - they've already banned my hotmail account from other Microsoft services so I think its very likely going to happen (probably when least expected).
I think this problem exists entirely within the malware detection department. Microsoft long ago passed the point where it became too large and bureaucratic to manage.
This is half the problem. Too busy or don't care and staff doing whatever they want.
I dont understand why I cannot use the quote tool on your post, or discuss this subject in the thread where it was posted.
Users can't post in the news section because it's for project news not general discussion. I can include a link in that topic for those that want to discuss it?

There's 3 forum topics and two github issues with discussions about Microsoft:
https://github.com/processhacker/proces ... issues/454
https://github.com/processhacker/proces ... issues/388
I would also like to know if anyone else is seeing style sheet errors on sourceforge.net.
Do you have the problem when using other browsers? SourceForge has a server-side caching issue with some browsers but not others (clearing your cache won't fix the problem) you can fix it by removing any extra languages from the browser settings (if you have the caching issue with that browser but not others).
 
Clu
Member
Posts: 4
Joined: 21 Dec 2019 02:55

Re: Process Hacker keeps getting deleted/uninstalled?

06 Jan 2020 17:00

Microsoft never included the nightly builds (or even v2.38 and earlier releases) of Process Hacker in their "Win64\ProcHack" signatures - just the latest stable release v2.39 - even though the nightly builds have the exact same code as v2.39.
That does not make any sense -- but neither does most of the other things Microsoft does. It certainly creates the impression that a poorly trained screener on the Windows Defender threat analysis team has manually marked the application as malware, based on the title or an auto-generated threat score. And once it gets on their blacklist, nobody wants to take responsibility for removing it, since no one in that department is qualified to determine what is malware.

Process Hacker is functionally the same as a host of similar tools which SmartScreen approves (including Microsoft's "SysInternals Suite"). It is likely that some ignorant clerk saw the word "hack" and checked a blacklist box -- but I did some more investigation on this issue and found that one of the criteria which flags your app for review is how the fields in the "Details" property panel are not populated on Process Hacker modules. (With respect to potential threat scoring, the Product version and Copyright fields carry the highest weight here.)
they've already banned my hotmail account from other Microsoft services so I think its very likely going to happen
Wow, this has really been blown out of proportion and it demonstrates the broad scope of Microsoft's employee incompetence problem. Sorry to hear about that. You might want to try Tutanota or Protonmail, its more secure anyway.

https://www.technadu.com/microsoft-msn- ... ach/64767/
https://www.ecommercetimes.com/story/85958.html
https://www.dailydot.com/news/microsoft ... ive-prism/

Do you have the problem when using other browsers?
Yes, I did check multiple browsers before asking. I spent some time troubleshooting this over the weekend and it appears that style sheets were being fetched from a different server which is running a firewall with a generic VPN proxy IP blacklist. This was preventing the download of all releases on SourceForge. (Not a good idea when ~25% of internet users are browsing through a VPN.) Today the problem appears to be partially resolved: downloads & style sheets are working, only images are broken.
_____

Just for fun, I made some publicity artwork for PH based on "the most interesting man in the world" meme. Hope you like it.
Most interesting man - PH.png
"Bill Gates calls him for computer advice." :lol: