Process Hacker and Windows discussion

 
l0rdraiden
Member
Posts: 5

Not reading data and incompatibility with AVAST

03 Aug 2017, 12:22

Using 3.0.855 and the latest stable release the column called Disk write bytes only provides data for "System" process, all the other processes are black.
Why? How can I fix it?

Another issue is that when I run it with admin privileges I get an alert from Avast saying that it has it stopped something from process hacker because of the self protection module.
Another error I get when I don't disable avast self protection is this:
Unable lo load kernel driver. A device which doesn't exist was specified
 
User avatar
dmex
Admin
Posts: 1289
Location: Australia

Re: Not reading data and incompatibility with AVAST

04 Aug 2017, 00:09

l0rdraiden wrote:
03 Aug 2017, 12:22
Using 3.0.855 and the latest stable release the column called Disk write bytes only provides data for "System" process, all the other processes are black.
Why? How can I fix it?
Not sure. Have you tried rebooting or manually resetting the etw provider?

1) Exit Process Hacker
1) Open Computer Management
2) Select the Performance > Data Collector Sets > Event Trace Sessions
http://i.imgur.com/bAO4wFa.png

3) Locate the following entries:
PhEtKernelLogger
PhEtRundownLogger
4) Right-click both entries and select "Stop" then right-click again and select "Delete"
5) Restart Process Hacker.

Let me know if this fixes the issue :thumbup:
l0rdraiden wrote:
03 Aug 2017, 12:22
Another error I get when I don't disable avast self protection is this:
Unable lo load kernel driver. A device which doesn't exist was specified
The kernel driver is a critical security component required to support a number of Process Hacker features including process information, detecting malware and even removing rootkits... Previous versions of Process Hacker never warned the user when the driver failed to initialize and malicious software exploited the lack of error messages to secretly block and interfere with our kernel driver.

Avast has been blocking our kernel driver for several months and refuses to discuss the issue with the development team... All future versions will now show various error messages when something blocks or interferes with our kernel driver and in your case Avast blocked our driver resulting in the error dialog.

You can change the EnableKphWarnings setting in the settings file if you don't want to see these warning dialogs but I highly recommend leaving them enabled for increased security and taking up the issue with the developers responsible for interfering with our driver.
 
l0rdraiden
Member
Posts: 5

Re: Not reading data and incompatibility with AVAST

04 Aug 2017, 08:48

I didn't have these entries in "Event Trace Sessions"
PhEtKernelLogger
PhEtRundownLogger
I have tried to reinstall PH with avast disabled and now I have the entries but I still have the same issue.

Then I have followed your instructions of stop/delete still doesn't work and only PhEtKernelLogger has reappeared in "Event Trace Sessions" and PhEtRundownLogger is missing
 
User avatar
dmex
Admin
Posts: 1289
Location: Australia

Re: Not reading data and incompatibility with AVAST

04 Aug 2017, 09:01

l0rdraiden wrote:
04 Aug 2017, 08:48
Then I have followed your instructions of stop/delete still doesn't work and only PhEtKernelLogger has reappeared in "Event Trace Sessions" and PhEtRundownLogger is missing
PhEtRundownLogger is only created when you select the disk tab and its not an issue if it's missing (unless you need the disk tab). If you select the disk tab do you see any disk activity?
l0rdraiden wrote:
04 Aug 2017, 08:48
I still have the same issue.
Have you tried rebooting?
 
l0rdraiden
Member
Posts: 5

Re: Not reading data and incompatibility with AVAST

04 Aug 2017, 13:46

Yes I have rebooted the computer and the Disk tab has been always blank even running PH with admin rights
 
User avatar
dmex
Admin
Posts: 1289
Location: Australia

Re: Not reading data and incompatibility with AVAST

04 Aug 2017, 14:14

l0rdraiden wrote:
04 Aug 2017, 13:46
Yes I have rebooted the computer and the Disk tab has been always blank even running PH with admin rights
Try running
resmon.exe
(Start menu > Run) and check the disk tab for any activity:
http://i.imgur.com/LnmDM7z.png

Process Hacker uses the exact same etw session as resmon to show disk activity and it's a good way to check if it's just a Process Hacker issue or a Windows issue and what the cause might be.
 
l0rdraiden
Member
Posts: 5

Re: Not reading data and incompatibility with AVAST

04 Aug 2017, 16:01

That works fine I can see the data (B/sec), maybe I have something weird in my system.
 
l0rdraiden
Member
Posts: 5

Re: Not reading data and incompatibility with AVAST

05 Aug 2017, 08:51

dmex wrote:
04 Aug 2017, 14:14
l0rdraiden wrote:
04 Aug 2017, 13:46
Yes I have rebooted the computer and the Disk tab has been always blank even running PH with admin rights
Try running
resmon.exe
(Start menu > Run) and check the disk tab for any activity:
http://i.imgur.com/LnmDM7z.png

Process Hacker uses the exact same etw session as resmon to show disk activity and it's a good way to check if it's just a Process Hacker issue or a Windows issue and what the cause might be.
http://imgur.com/a/vUagY

It looks like it only takes data from windows processes

Who is online

Users browsing this forum: No registered users and 1 guest