Descloix

False positive for Process Hacker 3.0

https://wj32.org/processhacker/forums/viewforum.php?f=5 

A legitimate program that has been used by many people for many years to accurately remove processes and rootkits, and to track processes and their actions in the system. Absolutely safe. ESET Endpoint Security 7.0.2053.0 deletes the file kprocesshacker.sys and removes it from the program folder in Program Files.

The detection is correct. Process Hacker is not detected as malware but as a potentially unsafe application. This detection covers legitimate tools that can be misused in the wrong hands for malicious purposes. It is disabled by default and users enable it at their discretion. Tools like this have been seen to be misused by hackers for killing security solutions after breaching networks, which enabled them to run ransomware and subsequently extort money from the victim.

If you want to use the tool while keeping detection of potentially unsafe applications enabled, exclude it from detection.

37 minutes ago, Marcos said:

The detection is correct. Process Hacker is not detected as malware but as a potentially unsafe application. This detection covers legitimate tools that can be misused in the wrong hands for malicious purposes. It is disabled by default and users enable it at their discretion. Tools like this have been seen to be misused by hackers for killing security solutions after breaching networks, which enabled them to run ransomware and subsequently extort money from the victim.

If you want to use the tool while keeping detection of potentially unsafe applications enabled, exclude it from detection.

In that case, you need to make a module like the one implemented in Comodo. The program writes that it considers this application potentially dangerous. And this application has helped me many times and has never harmed the system. The problem is that if you have a detection, then there is no choice. The file is immediately quarantined. It would be useful to isolate the file and report Win32/ProcessHacker.A, then give the user a choice, as in the screenshot in the attachment. But only for potentially unwanted or dangerous programs. This does not apply to viruses. A virus must be deleted. I do not have time to unzip and install the program. You immediately delete it. I restore it from quarantine, but again I do not have time to add it to the exceptions. It is simply necessary to turn off the antivirus.

[attached screenshot: index.png]

Showing the interactive window to the end user is not a very good idea, because users often click "allow" and then get "infected". The decision should be in the hands of the administrator (e.g. through the ERA console), who should add exclusions for the potentially harmful tools he wants to use. Additionally, when users clicked "allow" without adding an exclusion, the tool was detected again and again (by on-demand or on-access scanners). More information here:

https://forum.eset.com/topic/14743-request-for-feedback-on-a-plan-to-change-handling-of-potentially-unwanted-unsafe-applications/

2 minutes ago, J.D. said:

Showing the interactive window to the end user is not a very good idea, because users often click "allow" and then get "infected". The decision should be in the hands of the administrator (e.g. through the ERA console), who should add exclusions for the potentially harmful tools he wants to use. Additionally, when users clicked "allow" without adding an exclusion, the tool was detected again and again (by on-demand or on-access scanners). More information here:

https://forum.eset.com/topic/14743-request-for-feedback-on-a-plan-to-change-handling-of-potentially-unwanted-unsafe-applications/

It's just incredible. It's just incredible. My 11-year-old sister knows that ask.com is rare muck. One must be an idiot to allow this toolbar to be installed.

By the way, virustotal...

[attached screenshot: 2018-05-24_9-04-23.jpg]

It's the PH driver which needs to be excluded. That doesn't matter if you create an exclusion by detection name, which we prefer to excluding a particular file completely.

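The thread turns on two points an administrator needs before acting on this detection: the component that triggers it is the Process Hacker kernel driver (kprocesshacker.sys), and ESET recommends excluding by detection name rather than by file. The following read-only inventory check is an added example and is not code from the thread, from ESET or from the Process Hacker project. It reports whether that driver is registered or loaded on the host and where copies of the file sit on disk, so the exclusion decision (or an investigation, if the tool was not installed deliberately) can be made from facts rather than from the quarantine entry alone. Only the driver file name comes from the thread; the install directory names and the function name are assumptions.

```powershell
# Added example: inventory the Process Hacker kernel driver on a host.
# The file name kprocesshacker.sys is from the thread; the install directory
# names below are assumed defaults, not taken from the thread.

function Get-ProcessHackerDriverStatus {
    [CmdletBinding()]
    param(
        [string]$DriverFileName = 'kprocesshacker.sys',
        # Assumed install locations to search; adjust for your environment.
        [string[]]$SearchRoots = @(
            "$env:ProgramFiles\Process Hacker 2",
            "${env:ProgramFiles(x86)}\Process Hacker 2",
            "$env:ProgramFiles\Process Hacker"
        )
    )

    # 1. Kernel drivers registered with the Service Control Manager whose
    #    image path ends with the driver file name. State tells whether the
    #    driver is currently loaded, not just registered.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and ($_.PathName -like "*$DriverFileName") }

    # 2. Copies of the driver file under the assumed install directories.
    $files = foreach ($root in $SearchRoots) {
        if (Test-Path -LiteralPath $root) {
            Get-ChildItem -LiteralPath $root -Filter $DriverFileName -File -Recurse -ErrorAction SilentlyContinue
        }
    }

    # 3. SHA-256 of each on-disk copy, so the administrator can compare it with
    #    the vendor's published release before excluding it by detection name.
    $hashes = @($files | ForEach-Object {
        (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        DriverRegistered = [bool]$drivers
        DriverLoaded     = [bool]($drivers | Where-Object { $_.State -eq 'Running' })
        DriverServices   = @($drivers | ForEach-Object { $_.Name })
        FilesOnDisk      = @($files | ForEach-Object { $_.FullName })
        FileHashes       = $hashes
    }
}

# Usage: run from an elevated session on the endpoint, or wrap the call in
# Invoke-Command -ComputerName ... to collect the same object from many hosts.
Get-ProcessHackerDriverStatus | Format-List
```

A host where DriverRegistered is true but no file is found under the expected directories is the case the thread describes: the product removed the file but the driver service registration may still exist. The reverse (file present, driver never registered) is a sign the tool was only unpacked, which matches how the original poster describes their use.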
