Absol
Topic Author
Posts: 14
OS: Windows 7 32bit

Avast block Process Hacker features

Tue Sep 27, 2016 12:36 pm

Avast blocks the Process Hacker driver. Is it possible to bypass this?
 
TETYYS
Posts: 460
OS: Win 7 x64

Re: Avast block Process Hacker features

Tue Sep 27, 2016 10:57 pm

Remove Avast.
 
crowbarx5
Posts: 7
OS: Windows 8 64bit
Location: Germany

Re: Avast block Process Hacker features

Wed Sep 28, 2016 3:15 am

Add a rule exception for P.H.?
 
Absol
Topic Author
Posts: 14
OS: Windows 7 32bit

Re: Avast block Process Hacker features

Wed Sep 28, 2016 12:56 pm

Part of the Process Hacker features are blocked by Avast self-protection.
 
TETYYS
Posts: 460
OS: Win 7 x64

Re: Avast block Process Hacker features

Wed Sep 28, 2016 12:59 pm

If you have a program that does not behave how you want and even blocks the features you want to use, which program is the malware here?
 
crowbarx5
Posts: 7
OS: Windows 8 64bit
Location: Germany

Re: Avast block Process Hacker features

Thu May 04, 2017 11:50 pm

I removed Avast from my PC a year ago.
I use no more antivirus software; I don't need it.
 
Priester
Posts: 1
OS: Win 7 64
Location: Seattle

Re: Avast block Process Hacker features

Sun May 21, 2017 5:59 am

> I removed Avast from my PC a year ago.
> I use no more antivirus software; I don't need it.

No antivirus? That doesn't sound wise.
 
dmex
Posts: 1167
Location: Australia

Re: Avast block Process Hacker features

Tue May 23, 2017 11:18 pm

> If you have a program that does not behave how you want and even blocks the features you want to use, which program is the malware here?

Yep.

> No antivirus? That doesn't sound wise.

Antivirus software is a 'black box' and you have zero control over what it's scanning, analysing or even doing on your system and it's only ever able to handle threats after they have already infected a large number of machines... A recent example is how not even a single antivirus company was able to stop the recent Wannacrypt outbreak and it's well known that antivirus companies have never been able to detect malicious software during the first 24-48 hours and all you can do is twiddle your thumbs until they decide to update their signatures and start protecting your machine.

15 years ago the Blaster worm exploited an RPC network bug (port 135) before downloading and executing msblast.exe, and it took days for antivirus software to start detecting and removing the threat. Fast forward to 2017 and Wannacrypt basically did the exact same thing: the time between the first infection and the first antivirus signatures was still around 48 hours, and during that time it spread across the globe...

You need tools like Process Hacker to investigate suspicious activity, and a number of features were designed for this exact purpose. Process Hacker does things that antivirus software doesn't do, and features such as showing processes, handles, loaded modules, network connections etc... make Process Hacker much more capable at identifying zero-day threats, because you yourself are able to identify and terminate threats.

What's that? A new process called 'kernel.exe' built yesterday and making hundreds of connections? Open Process Hacker > Suspend and start analysing it for suspicious characteristics. Still don't like it? Right-click > Send To > VirusTotal for analysis (who share it with over 50 security companies) and then right-click again and terminate.

Fast, simple, easy, and the problem was solved within seconds. It's a lot simpler and easier than waiting on some guy in India or Russia to create antivirus signatures, with a much faster and more efficient response time than antivirus companies will ever be able to achieve, and they know it.

Even the guy who stopped the Wannacrypt threat was using Process Hacker and uploaded a screenshot:
https://twitter.com/MalwareTechBlog/sta ... 88/photo/1

For example. How would you use Process Hacker to dump IP addresses? Memory tab > Strings > Regex:
^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$

Now you have the list of IP addresses used by that process and you can use that information to register the address and stop a global malware epidemic and it really is that simple.

4 antivirus companies have started blocking Process Hacker as of this year, and I've had somewhat lengthy conversations with a few of their representatives about it. They're not blocking Process Hacker because of an actual security issue or threat that required immediate attention... Avast, AVG and Kaspersky (to name a limited few) have some very bad security flaws in their software that can be easily identified by using Process Hacker, and instead of fixing the underlying technical issue or rewriting their code to handle that case (I've told them how to solve it) they decided it was (apparently the only logical assumption) easier to block Process Hacker, slander their competition under the guise of bullshit 'security' excuses, and give users the false impression those flaws have been fixed, because if Process Hacker can't do it then nothing else can, right? right!? :sick:

If you for one second think that antivirus is actually able to help you when you need it most then you are very mistaken. Antivirus companies know this, and they see Process Hacker as a threat not to their software, your security or your machine but to the only thing they actually care about: their income and business model. So they've started using some very dirty methods to make people think Process Hacker is somehow malicious.

I can't share too many details about the discussions with Antivirus companies since they contain details about security flaws but this response from Kaspersky basically sums up the others:

[Image]

And yet when you try installing Process Hacker:
[Image]

Or upload our binaries to VirusTotal:
https://www.virustotal.com/en/file/2804 ... /analysis/

That's not the only example from Kaspersky and some of my discussions with developers at some other Antivirus companies are just completely insane and I don't understand why people trust them at all whatsoever considering some of the things they do on users machines and the reasoning behind it.

We're quite literally on the same team FFS. It makes me mad that they're targeting Process Hacker instead of real dangerous threats like Wannacrypt. The entire Process Hacker source-code is on Github and can be 100% reviewed and verified. Anyone, anywhere can guarantee Process Hacker does not contain anything malicious.

If you really need antivirus software then you need to find an alternative ASAP, and who would you rather choose? Free open-source software with contributions from around the world that's even used for IT security training by companies such as CrowdStrike and the SANS institute, or closed-source software from companies that have been targeting legitimate software and just wait for random individuals (who use the very same free open-source software they're blocking on users' machines) to handle threats like Wannacrypt? :P

The best thing about open-source software is that anyone can modify and personalize it for their particular situation. If malware tries to take down Process Hacker you can export the source from Github and change a few lines of code and solve the problem, improve the software and later post the code online for everyone else while updates to closed-source 'security' software depends entirely on whether or not the company feels like doing something about it and only after their developers even show up for work...

You will also never get in touch with an actual developer at Avast, AVG or Kaspersky, but you can always contact any open-source developer anytime. We don't hide our contact information (or our source code!), we always do our best to help and/or discuss features with you directly (instead of through useless PR people), and we take responsibility for our mistakes, which is in stark contrast to the business model and policies of those companies and the developers working there.

At the end of the day the security of your machine is your responsibility and closed-source security software will never let you submit improvements and will also never let you take control of your own security (or let you contact the actual developers!) and yet open-source software does make that guarantee because the source is available, the developers are available and you can always make whatever changes necessary to suit your security requirements. ;)
