Descloix 0 Posted May 24, 2018

https://wj32.org/processhacker/forums/viewforum.php?f=5

A legitimate program that has been used by different people for many years to accurately remove processes and rootkits, and to track processes and their actions in the system. Absolutely safe. ESET Endpoint Security 7.0.2053.0 deletes the file kprocesshacker.sys and removes the program folder from Program Files.

Administrators Marcos 5,273 Posted May 24, 2018

The detection is correct. Process Hacker is not detected as malware but as a potentially unsafe application. This detection covers legitimate tools that can be misused in the wrong hands for malicious purposes. It is disabled by default and users enable it at their discretion. Tools like this have been seen to be misused by hackers for killing security solutions after breaching into networks which enabled them to run ransomware and subsequently extort money from the victim. If you want to use the tool while keeping detection of pot. unsafe application enabled, exclude it from detection.

Descloix 0 Posted May 24, 2018 Author

37 minutes ago, Marcos said:

> The detection is correct. Process Hacker is not detected as malware but as a potentially unsafe application. This detection covers legitimate tools that can be misused in the wrong hands for malicious purposes. It is disabled by default and users enable it at their discretion. Tools like this have been seen to be misused by hackers for killing security solutions after breaching into networks which enabled them to run ransomware and subsequently extort money from the victim. If you want to use the tool while keeping detection of pot. unsafe application enabled, exclude it from detection.

In that case, you need to make the module, as it is implemented in Comodo. The program writes that it considers this application potentially dangerous. And this application has helped me many times and has never harmed the system. The problem is that if you have a detection, then there is not a choice. The file is immediately quarantined. It would be useful to isolate the file and write Win32 / ProcessHacker.A, then give the user a choice like on the screenshot in the attachment. But only for potentially unwanted or dangerous programs. This does not apply to viruses. The virus must be deleted. I do not have time to unzip and install the program. You immediately delete it. I return it from quarantine, but again I do not have time to add it to the exceptions. It is just necessary to turn off the antivirus.

Edited May 24, 2018 by Descloix

ESET Staff J.D. 33 Posted May 24, 2018

Showing the interactive window to the end-user is not a very good idea, because users often click "allow" and then get "infected". The decision should be in the hands of the administrator (e.g. through ERA console) who should add exclusions for potentially harmful tools he wants to use. Additionally, when users clicked "allow" without adding an exclusion, the tool was detected again and again (by on-demand or on-access scanners). More information here: https://forum.eset.com/topic/14743-request-for-feedback-on-a-plan-to-change-handling-of-potentially-unwanted-unsafe-applications/

Descloix 0 Posted May 24, 2018 Author

2 minutes ago, J.D. said:

> Showing the interactive window to the end-user is not a very good idea, because users often click "allow" and then get "infected". The decision should be in the hands of the administrator (e.g. through ERA console) who should add exclusions for potentially harmful tools he wants to use. Additionally, when users clicked "allow" without adding an exclusion, the tool was detected again and again (by on-demand or on-access scanners). More information here: https://forum.eset.com/topic/14743-request-for-feedback-on-a-plan-to-change-handling-of-potentially-unwanted-unsafe-applications/

It's just incredible. It's just incredible. My 11-year-old sister knows that ask.com is rare muck. One must be an idiot to allow this toolbar to be installed. By the way, virustotal...

Administrators Marcos 5,273 Posted May 24, 2018

It's the PH driver which needs to be excluded. That doesn't matter if you create an exclusion by detection name which we prefer to excluding a particular file completely.