Amr Elsisi 0 Posted May 23, 2019 Share Posted May 23, 2019 I've just downloaded,Installed ESET smart security premium,And i can just simply close it from task manger That's mean if someone hacked my pc he can just close the antivirus then uninstall it in 1 minute ! Is that the antivirus or it's a bug ! Link to comment Share on other sites More sharing options...
Administrators Marcos 4,716 Posted May 23, 2019 Administrators Share Posted May 23, 2019 I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-sefense enabled. Please shoot a demonstration video. Link to comment Share on other sites More sharing options...
itman 1,542 Posted May 23, 2019 Share Posted May 23, 2019 Strange behavior with equiProxy.exe using Win 10 Task Manager. If you try to end the process, you won't get an access denied message. Appears Task Manager just ignores the termination request. In Process Explorer, you will get an access denied message if you try to suspend/terminate equiProxy.exe. Link to comment Share on other sites More sharing options...
Amr Elsisi 0 Posted May 23, 2019 Author Share Posted May 23, 2019 When i close eset service from task manger (ekrn.exe) it opens again automatically but the application closes Does that mean i'm safe against any virus even if the application is closed ? Just now, Marcos said: I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-sefense enabled. Please shoot a demonstration video. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,716 Posted May 24, 2019 Administrators Share Posted May 24, 2019 4 hours ago, Amr Elsisi said: When i close eset service from task manger (ekrn.exe) it opens again automatically but the application closes What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected. Link to comment Share on other sites More sharing options...
Amr Elsisi 0 Posted May 24, 2019 Author Share Posted May 24, 2019 4 hours ago, Marcos said: What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected. I'm windows 7 x64 bit There's a video showing my problem bandicam 2019-05-24 11-11-23-928.rar Link to comment Share on other sites More sharing options...
Administrators Marcos 4,716 Posted May 24, 2019 Administrators Share Posted May 24, 2019 It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy. Link to comment Share on other sites More sharing options...
Amr Elsisi 0 Posted May 25, 2019 Author Share Posted May 25, 2019 On 5/24/2019 at 11:22 AM, Marcos said: It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy. I don't know! how can i enable it ? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,716 Posted May 25, 2019 Administrators Share Posted May 25, 2019 It's enabled by default in HIPS setup: Link to comment Share on other sites More sharing options...
Amr Elsisi 0 Posted May 27, 2019 Author Share Posted May 27, 2019 (edited) On 5/25/2019 at 2:37 PM, Marcos said: It's enabled by default in HIPS setup: Self defence is already enabled !! and i still have the same problem Edited May 27, 2019 by Amr Elsisi Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 187 Posted May 27, 2019 Most Valued Members Share Posted May 27, 2019 Are you sure , you are able to close the ESET Service and not the GUI? Link to comment Share on other sites More sharing options...
Amr Elsisi 0 Posted May 27, 2019 Author Share Posted May 27, 2019 24 minutes ago, Rami said: Are you sure , you are able to close the ESET Service and not the GUI? ekrn closes but opens again automatically i want the message which says acess denied like any other antivirus and like the screenshot above Link to comment Share on other sites More sharing options...
itman 1,542 Posted May 27, 2019 Share Posted May 27, 2019 (edited) Do this. Terminate ekrn.exe in Task Manager. Close Task Manager. Reopen Task Manager and see if ekrn.exe is now running which I suspect it is. What I suspect is the issue is Win 7 Task Manager. It appears to terminate ekrn.exe where in fact it does not. In other words, the attempted ekrn.exe termination silently fails. In Win 10, ekrn.exe runs as a protected process - antimalware; i.e. PPL. This is what causes the access denied popup to appear and prevents Task Manager from attempting to terminate ekrn.exe. Edited May 27, 2019 by itman Link to comment Share on other sites More sharing options...
itman 1,542 Posted May 27, 2019 Share Posted May 27, 2019 4 minutes ago, Amr Elsisi said: i want the message which says acess denied like any other antivirus and like the screenshot above As I just posted, upgrade to Win 10 and you will receive the access denied message. Win 7 does not support/provide protected process protection. Link to comment Share on other sites More sharing options...
ESET Insiders stackz 94 Posted May 27, 2019 ESET Insiders Share Posted May 27, 2019 In windows 7, any attempt to terminate an ESET process from task manager fails and displays the following message box Link to comment Share on other sites More sharing options...
itman 1,542 Posted May 27, 2019 Share Posted May 27, 2019 2 hours ago, stackz said: In windows 7, any attempt to terminate an ESET process from task manager fails and displays the following message box Now that it has been established that access denied popup should also be appearing in Win 7, it appears that the OP's Win 7 service permissions are corrupted. Refer to the below screen shot. Ekrn.exe service permission is Read only. If OP's service permissions on Win 7 are corrupted, this is a major security issue for him since other Win 7 services might be affected which obviously don't employ self-protection mechanisms such as Eset has. Link to comment Share on other sites More sharing options...
zamar27 5 Posted May 28, 2019 Share Posted May 28, 2019 So it makes sense to upgrade to Win 10. One can read more about protected processes in Protecting Anti-Malware Services. Link to comment Share on other sites More sharing options...
Recommended Posts