Process Hacker and Windows discussion

 
gh05t
Member
Posts: 5
OS: Windows 7 64bit

Avast blocking KProcessHacker driver

31 Aug 2015, 13:32

Hi.
Some times ago (about 2 weeks) ProcessHacker have stoped load KProcessHacker.sys driver.
I use ProcessHacker 2.36 (r61530. Tried on Windows 7 SP1 (x86 and x54) and Windows 10 x64. Driver does not loaded on all systems.
Also I try to start it from "Create service..." and got error too.

Please, check it.
 
User avatar
dmex
Admin
Posts: 1311
Location: Australia

Re: Driver KProcessHacker does not loaded.

01 Sep 2015, 02:17

You need to select the Hacker menu > Show details for all processes.

The + symbol in the window title indicates if KPH has been loaded and connected :thumbup:
 
gh05t
Member
Posts: 5
OS: Windows 7 64bit

Re: Driver KProcessHacker does not loaded.

01 Sep 2015, 13:06

Thank you for reply.

I'm sorry, but I can't find "Show details for all processes" in Hacker menu:
hacker.jpg
Also, on Win 7 x86, when I selected menu Tools > Hidden processes, I got error:
hidden_process.jpg
Before I saw KProcessHacker in Services list, now it is not there.
 
User avatar
viksoftru
Member
Posts: 485
OS: Win7 (Live! DVD), BSD

Re: Driver KProcessHacker does not loaded.

09 Sep 2015, 01:32

To install the driver need administrator rights and knowledge, or use the installer. Version without installation (zip) does not install the driver.
 
User avatar
TETYYS
Plugin Developer
Posts: 479
OS: Win 10 x64

Re: Driver KProcessHacker does not loaded.

09 Sep 2015, 12:02

viksoftru wrote:
Version without installation (zip) does not install the driver.
It does.
 
gh05t
Member
Posts: 5
OS: Windows 7 64bit

Re: Driver KProcessHacker does not loaded.

12 Sep 2015, 12:32

viksoftru wrote:
To install the driver need administrator rights and knowledge, or use the installer. Version without installation (zip) does not install the driver.
I know about it and it has administrator rights.
The most strange thing is that it work good (load driver) all time until middle of August and then stop loaded driver on all systems (Win 7 32/64 and Win 10 x64). The ProcessHacker version stay the same and systems was the same.
I think, maybe Microsoft made same updates which block KProcessHacker driver. May developer check it?
 
User avatar
dmex
Admin
Posts: 1311
Location: Australia

Re: Driver KProcessHacker does not loaded.

26 Feb 2016, 14:39

gh05t wrote:
I think, maybe Microsoft made same updates which block KProcessHacker driver. May developer check it?
We haven't found issues that could have been caused by any Microsoft updates. Do you still have this problem?
 
gh05t
Member
Posts: 5
OS: Windows 7 64bit

Re: Driver KProcessHacker does not loaded.

02 Mar 2016, 16:23

dmex wrote:
gh05t wrote:
I think, maybe Microsoft made same updates which block KProcessHacker driver. May developer check it?
We haven't found issues that could have been caused by any Microsoft updates. Do you still have this problem?
Yes, I still not see kprocesshacker in Services list and can not start it manually.

My system: Win 7 SP1 x86. UAC is switched off. I run ProcessHacker "as Administrator".
2016-03-02_172708.jpg
 
User avatar
dmex
Admin
Posts: 1311
Location: Australia

Re: Driver KProcessHacker does not loaded.

02 Mar 2016, 19:02

I noticed in your screenshot that you have Avast running. I performed some tests and discovered that Avast is silently blocking our driver.

I have contacted Avast about this and I'll update the thread if there's any new information.
 
User avatar
wj32
Founder
Posts: 948
OS: Windows
Location: Australia
Contact:

Re: Driver KProcessHacker does not loaded.

03 Mar 2016, 03:17

Microsoft is not likely to do such a thing.

You should switch to x64 ASAP and uninstall Avast (or any other security software you have). 32-bit is very outdated.
 
gh05t
Member
Posts: 5
OS: Windows 7 64bit

Re: Driver KProcessHacker does not loaded.

03 Mar 2016, 15:59

wj32 wrote:
Microsoft is not likely to do such a thing.

You should switch to x64 ASAP and uninstall Avast (or any other security software you have). 32-bit is very outdated.
On my other system (Win 10 Pro, x64) situation the same. I think problem in Avast, if it block driver it do it silently (no warning about virus or other other security reasons). I'll try uninstall Avast to check it, because switch off protection does not help.
 
User avatar
wj32
Founder
Posts: 948
OS: Windows
Location: Australia
Contact:

Re: Driver KProcessHacker does not loaded.

16 Mar 2016, 15:50

The next version of KPH will implement image verification, and will not be blocked by Avast.
 
User avatar
dmex
Admin
Posts: 1311
Location: Australia

Re: Driver KProcessHacker does not loaded.

16 Mar 2016, 16:34

dmex wrote:
I have contacted Avast about this and I'll update the thread if there's any new information.
We have been discussing this with Avast over the last few weeks... Avast has agreed to notify users when our driver has been blocked but will not be unblocking the driver because it's able to demonstrate a flaw in their security software.
Last edited by dmex on 11 Dec 2016, 05:02, edited 1 time in total.
Reason: fixed typo/updated information
 
alex

avast detect

12 Apr 2016, 21:43

When I run Proccess Hacker avast say to me "Blocked by Avast self-defense: kprocesshacker.sys (path to \ProcessHacker.exe).
 
User avatar
wj32
Founder
Posts: 948
OS: Windows
Location: Australia
Contact:

Re: avast detect

13 Apr 2016, 00:20

Are you using the latest version of PH?
 
MagoPeppe

Re: avast detect

15 Apr 2016, 10:30

Hi. I've the same issue here: I'm runnung PH 2.39.124 and latest Avast (11.2.2261 but it returned the same pop-up even with 11.2.2260 if I remember correctly).
With Windows XP 32bit (on my old notebook) everything is fine but when I try PH on Windows 10 both on my notebook and desktop, here we go with Avast pop-up.
Thanks!
 
jrivett

Re: avast detect

20 Apr 2016, 17:42

Same here. Just updated Avast to latest version and now when I run Process Hacker 2.39.124, Avast pops up this message:
"Blocked by Avast self-defence. kprocesshacker.sys (C:\Program Files\Process Hacker 2\ProcessHacker.exe)"
I've added kprocesshacker.sys and ProcessHacker.exe to the global excludes, and to the File System Shield excludes, but it didn't help.
Process Hacker still works, but with limited functionality.
Windows 8.1 64 bit.
 
shackles
Member
Posts: 16
OS: windows

Re: avast detect

30 Apr 2016, 21:45

Same here I cant use PH on my laptop that has avast.. Well I can use it but without the driver.
 
Microwave89
Member
Posts: 9
OS: Windows 10 10586 x64

Re: avast detect

30 Apr 2016, 22:28

When I had installed avast on my machine (in order to attempt bypass its HIPS) it also used to block kprocesshacker for self defense reasons. In avast 2015 it created named devices named the same as kprocesshacker's devices.
Since avast was SERVICE_BOOT_START but kprocesshacker.sys only SERVICE_SYSTEM_START kproceshacker.sys could not create its device, because it was already there created by avast.
Funny idea.. But do these guys think kprocesshacker is the only thing which could be "dangerous" to avast?

Kind regards,
Microwave89
 
shackles
Member
Posts: 16
OS: windows

Re: avast detect

02 May 2016, 16:42

I think its quite stupid of them to be honest. They have bigger fish to catch than not letting a signed driver to be installed...

Who is online

Users browsing this forum: No registered users and 1 guest