Process Hacker and Windows discussion

 
ne3

Display alert when untrusted services are created

08 Apr 2016 17:33

If an unsigned/untrusted service is created, show an alert window which remains on top of other windows until the user dismisses the alert by pressing a button.
 
TETYYS
Contributor
Posts: 515
Joined: 23 Apr 2013 10:37
OS: Win 10 x64

Re: Display alert when untrusted services are created

09 Apr 2016 17:36

Very bad idea.
 
viksoftru
Member
Posts: 617
Joined: 15 Aug 2011 06:01
OS: Win7 (Live! DVD), BSD
Location: Russia

Re: Display alert when untrusted services are created

09 Apr 2016 20:35

TETYYS

Yes, it is a very, very bad idea. At the dump!
 
ConfusedPonderer

Re: Display alert when untrusted services are created

12 Apr 2016 19:49

I'm lost... Why is it such a bad idea?
 
viksoftru
Member
Posts: 617
Joined: 15 Aug 2011 06:01
OS: Win7 (Live! DVD), BSD
Location: Russia

Re: Display alert when untrusted services are created

12 Apr 2016 21:53

Think about it. The answer is on the surface. :)
 
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Location: Australia

Re: Display alert when untrusted services are created

13 Apr 2016 00:25

Because it's bad UI design and outside the scope of PH.
 
Guest

Re: Display alert when untrusted services are created

15 Apr 2016 06:46

It could be an option - does not have to be mandatory.

There is a good reason: it stops malware that antivirus does not detect.
Proof is in this post:

viewtopic.php?f=14&t=2311&p=7468

Only 1 antivirus utility detects this malware
 
viksoftru
Member
Posts: 617
Joined: 15 Aug 2011 06:01
OS: Win7 (Live! DVD), BSD
Location: Russia

Re: Display alert when untrusted services are created

15 Apr 2016 08:14

Well, cry only selectively, as a real infection type VueCript has all the certificates of authenticity until the personal seal of St. Peter and quietly put. In PH you can enable logging and see what happens, this is the first, and the second - the operating system logs, as they say, are worth reading.

And antivirus weather - all antivirus programs are written based on the statistics of a particular region of infections, usually of where they were created. Here they are acceptable catch the infection, and in a strange region in 99% of cases it's just a demonstration of intense activity, and AV base most of them fake which logged everything, as long as the numbers of detected "villains" terrible look - it's just a simple business. These companies earn on your fears.
 
TETYYS
Contributor
Posts: 515
Joined: 23 Apr 2013 10:37
OS: Win 10 x64

Re: Display alert when untrusted services are created

15 Apr 2016 11:13

> It could be an option - does not have to be mandatory.
>
> There is a good reason: it stops malware that antivirus does not detect.
> Proof is in this post:
>
> viewtopic.php?f=14&t=2311&p=7468
>
> Only 1 antivirus utility detects this malware

Are you saying that all malware aren't signed? Rootkit could spoof certificate validations too.
 
dmex
Admin
Posts: 1555
Joined: 17 Jan 2011 05:43
Location: Australia

Re: Display alert when untrusted services are created

15 Apr 2016 12:09

The main problem is that Microsoft added hidden services on Windows 10 and you can't query the signature for those services.

Services created by the "UnistackSvcGroup" do not have any associated DLL or executable and can't be verified; these include:
Sync Host_<random string>
Contact Data_<random string>
MessagingService_<random string>
CDPUserSvc_<random string>
Service_<random string>

Until Microsoft fixes that issue and passes the correct configuration for those services, they can't be checked for a digital signature... You would get an "alert" every time one of these services started up and it would be highly annoying (also very problematic to filter since they have random names).
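
One way an alerting tool could triage the per-user services described in the last post, shown as an added example that is not from the thread or from Process Hacker's code. The event record layout, the hex form of the random suffix and the sample events are assumptions constructed for illustration; the two type flags are the Windows SDK values.

```python
import re
from collections import Counter

# Service type flags as defined in the Windows SDK (winnt.h).
SERVICE_USER_SERVICE = 0x40
SERVICE_USERSERVICE_INSTANCE = 0x80
INSTANCE_FLAGS = SERVICE_USER_SERVICE | SERVICE_USERSERVICE_INSTANCE

# Base names exactly as listed in the post above.
UNISTACK_BASES = {"Sync Host", "Contact Data", "MessagingService",
                  "CDPUserSvc", "Service"}
# Assumption: the random string is 4-8 hex digits after the last underscore.
RANDOM_SUFFIX = re.compile(r"^(.+)_([0-9a-fA-F]{4,8})$")


def base_name(name):
    """Strip the random suffix; return None when the name has no suffix."""
    m = RANDOM_SUFFIX.match(name)
    return m.group(1) if m else None


def triage(event):
    """Return 'verify', 'suppress' or 'alert' for one service-creation event.

    event is a hypothetical record {'name', 'type', 'binary'}; 'binary' is
    None when the service configuration yields no file to check.
    """
    if event["binary"]:
        return "verify"  # there is a file, so the signature check can run
    is_instance = (event["type"] & INSTANCE_FLAGS) == INSTANCE_FLAGS
    if is_instance and base_name(event["name"]) in UNISTACK_BASES:
        return "suppress"  # unverifiable per-user instance named in the post
    return "alert"  # nothing to verify and not a recognised instance


def summarize(events):
    """Count suppressed events per base name so they can be reviewed in bulk."""
    return Counter(base_name(e["name"]) for e in events
                   if triage(e) == "suppress")


# Constructed sample events, not captured from a real system.
SAMPLE = [
    {"name": "CDPUserSvc_3a7f1", "type": 0xE0, "binary": None},
    {"name": "CDPUserSvc_5c2d9", "type": 0xE0, "binary": None},
    {"name": "Sync Host_3a7f1", "type": 0xE0, "binary": None},
    {"name": "CDPUserSvc_3a7f1", "type": 0x10, "binary": None},
    {"name": "ExampleSvc", "type": 0x10, "binary": r"C:\Example\svc.exe"},
]
```

Requiring the instance flag as well as the base name means a service that merely carries one of the listed names, like the fourth sample event, is still alerted on.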