Absol
Topic Author
Posts: 14
OS: Windows 7 32bit

Avast block Process Hacker features

Tue Sep 27, 2016 12:36 pm

Avast block process hacker driver, possible to bypass this ?
 
User avatar
TETYYS
Posts: 460
OS: Win 7 x64

Re: Avast block Process Hacker features

Tue Sep 27, 2016 10:57 pm

remove avast
 
crowbarx5
Posts: 7
OS: Windows 8 64bi
Location: GErmany

Re: Avast block Process Hacker features

Wed Sep 28, 2016 3:15 am

add a rule exception for p.h. ?
 
Absol
Topic Author
Posts: 14
OS: Windows 7 32bit

Re: Avast block Process Hacker features

Wed Sep 28, 2016 12:56 pm

Part of Process Hacker features block by Avast selfprotection.
 
User avatar
TETYYS
Posts: 460
OS: Win 7 x64

Re: Avast block Process Hacker features

Wed Sep 28, 2016 12:59 pm

if you have a program that does not behave how you want and even blocks the features you want to use, which program is the malware here?
 
crowbarx5
Posts: 7
OS: Windows 8 64bi
Location: GErmany

Re: Avast block Process Hacker features

Thu May 04, 2017 11:50 pm

i removed avast since a year on my pc.
is use no more antivir software i dont need this.
 
Priester
Posts: 1
OS: Win 7 64
Location: Seattle

Re: Avast block Process Hacker features

Sun May 21, 2017 5:59 am

i removed avast since a year on my pc.
is use no more antivir software i dont need this.
No antivirus? That doesn't sound wise.
 
User avatar
dmex
Posts: 1164
Location: Australia

Re: Avast block Process Hacker features

Tue May 23, 2017 11:18 pm

No antivirus? That doesn't sound wise.
Antivirus software is a 'black box' and you have zero control over what it's scanning, analysing or even doing on your system and it's only ever able to handle threats after they have already infected a large number of machines... A recent example is how not even a single antivirus company was able to stop the recent Wannacrypt outbreak and it's a well known fact that not one company has ever detected malicious software during the first 24-48 hours after an outbreak and all you can do is twiddle your thumbs until they decide to update their signatures and start protecting your machine.

15 years ago the Blaster worm exploited an RPC network bug (port 135) before downloading and executing msblast.exe and it took days for Antivirus software to start detecting and removing the threat, fast forward to 2017 and Wannacrypt basically did the exact same thing and the time between the first infection and the first antivirus signatures was still around 48 hours...

You need tools like Process Hacker to investigate suspicious activity and a number of features were designed for this exact purpose. Process Hacker does things that antivirus software doesn't do and features such as showing processes, handles, loaded modules, network connections etc... makes Process Hacker much more capable at identifying zero-day threats because you yourself are able to identify and terminate threats.

Whats that? A new process called 'kernel.exe' built yesterday and making hundreds of connections? Open Process Hacker > Suspend and start analysing it for suspicious characteristics. Still don't like it? Right-click > Send To > VirusTotal for analysis (whom share it with over 50 security companies) and then right-click again and terminate.

Fast, simple, easy and the problem was solved within seconds. It's a lot more simple and easy than waiting on some guy in India or Russia to create Antivirus signatures and much more faster and efficient response time than Antivirus companies will ever be able to achieve and they know it.

Even the guy who stopped the Wannacrypt threat was using Process Hacker and uploaded a screenshot:
https://twitter.com/MalwareTechBlog/sta ... 88/photo/1

For example. How would you use Process Hacker to dump IP addresses? Memory tab > Strings > Regex:
^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$

Now you have the list of IP addresses used by that process and you can use that information to register the address and stop a global malware epidemic and it really is that simple.

4 Antivirus companies have started blocking Process Hacker as of this year and I've had somewhat lengthy conversations with a few of their representatives about it and they're not blocking Process Hacker because of an actual security issue or threat that required immediate attention... Avast, AVG and Kasperksy (to name a limited few) have some very bad security flaws in their software that can be easily identified by using Process Hacker and instead of fixing the underlying technical issue or rewriting their code to handle that case (I've told them how to solve it) they decided it was (apparently the only logical assumption) easier to block Process Hacker, take our their competition under bullshit 'security' excuses while also giving users the false impression those flaws have been fixed :sick:

If you for one second think that Antivirus is actually able to help you when you need it most then you are a very mistaken. Antivirus companies know this and they see Process Hacker as a threat not to their software, your security or your machine but to - the only thing they actually care about - their income and business model so they've started using some very dirty methods to make people think Process Hacker is somehow malicious.

I can't share too many details about the discussions with Antivirus companies since they contain details about security flaws but this response from Kaspersky basically sums up the others:

Image

And yet when you try installing Process Hacker:
Image

Or upload our binaries to VirusTotal:
https://www.virustotal.com/en/file/2804 ... /analysis/

That's not the only example from Kasperksy and some of my discussions with developers at some other Antivirus companies are just completely insane and I don't understand why people trust them at all whatsoever considering some of the things they do on users machines and the reasoning behind it.

We're quite literally on the same team FFS. It makes me mad that they're targeting Process Hacker instead of real dangerous threats like Wannacrypt. The entire Process Hacker source-code is on Github and can be 100% reviewed and verified. Anyone, anywhere can guarantee Process Hacker does not contain anything malicious.

If you really need Antivirus software then you need to find an alternative ASAP and who would you rather choose? Free open-source software with contributions from around the world that's even used for IT security training by companies such as CrowdStrike and the SANS institute or closed-source software from companies that have been targeting legitimate software and just wait for random individuals to handle threats like Wannacrypt (using the very same free open-source software they're blocking on users machines)? :P

The best thing about open-source software is that anyone can modify and personalize it for their particular situation. If malware tries to take down Process Hacker you can export the source from Github and change a few lines of code and solve the problem, improve the software and later post the code online for everyone else.

Who is online

Users browsing this forum: Bing, dmex and 3 guests