Process Hacker and Windows discussion

 
oafsalot
New User
OS: Win 10
Location: UK

Process Hack now seen as malware by Windows Defender.

29 Nov 2019, 21:49

Just had to resintall process hacker, only to be met by a arning upon running it that it was a virus.

Had to allow it in windows defender and then reinstall for a thrid time.

This is not good.

Oafs
 
wowjustwow
New User
OS: 10
Location: United States

Re: Process Hack now seen as malware by Windows Defender.

30 Nov 2019, 06:32

I about had a heart attack. I've been using Process Hacker for 3 years and never had any issue. I originally got it to monitor when windows 10 was doing funky and unwanted things in the background and now suddenly it's malware? Uh huh, Microsoft... sure it is..
 
orion44
Member
OS: Windows 7 64bit

Re: Process Hack now seen as malware by Windows Defender.

30 Nov 2019, 18:58

Same here, flagged as malware as soon as I opened Process Hacker. Guess those security experts at Microsoft know what's up.
 
expert_vision
Member
OS: Windows 7 64bit

Re: Process Hack now seen as malware by Windows Defender.

01 Dec 2019, 11:04

Looks like they made a dedicated thread ID for it https://www.microsoft.com/en-us/wdsi/th ... 2147221926.
Maybe this can be addressed with Microsoft.
 
HighGuard
Member
Location: UK

Re: Process Hack now seen as malware by Windows Defender.

04 Dec 2019, 12:45

There are more Process Hacker 2 users on other forums (Malwarebytes) who've run into this new problem. It does not just affect Defender but also MSE (Microsoft Security Essentials) which almost certainly uses the same MS definitions.

No other security software is reporting any problems so why PH2 is suddenly being flagged as a hack tool threat MS need to explain.

That thread linked to by expert_vision is pretty much useless, as are so many MS help pages, but the fact the article is there and published only last week, just before the most recent Defender/MSE definitions updates causing these reports is suspicious. Just look at the primary source of concern cited in the article:-
Hacktools can be used to patch or "crack" some software so it will run without a valid license or genuine product key.
Its not that hack tools can be used to gain remote access to your PC, stuff up your system and steal your money no, it is MS suddenly being concerned that hack tools can be used for that including Windows OS and other MS products. Can PH2 even be used for that? Has it ever been used in this way? MS probably also do like the fact PH2 can be used as replacement for Task Manager and is more useful. It is good at highlighting and locating MS snooping software which they've a habit of sneaking onto our computers as "important" updates.

The fact is MSE and I assume Defender have been happy with PH2 for years so this is new behaviour and undoubtedly the result of the MS definitions update - whether deliberate or accidental awaits to be seen.

What is ironic is that if you're using the 64bit version of PH2 the quarantined files do not include the x86 folder which contain the 32bit Process Hacker.exe. Pretty dumb if this is an intentional change for genuine security reasons.