Amr Elsisi 0 Posted May 23, 2019 Posted May 23, 2019 I've just downloaded,Installed ESET smart security premium,And i can just simply close it from task manger That's mean if someone hacked my pc he can just close the antivirus then uninstall it in 1 minute ! Is that the antivirus or it's a bug !
Administrators Marcos 5,450 Posted May 23, 2019 Administrators Posted May 23, 2019 I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-sefense enabled. Please shoot a demonstration video.
itman 1,801 Posted May 23, 2019 Posted May 23, 2019 Strange behavior with equiProxy.exe using Win 10 Task Manager. If you try to end the process, you won't get an access denied message. Appears Task Manager just ignores the termination request. In Process Explorer, you will get an access denied message if you try to suspend/terminate equiProxy.exe.
Amr Elsisi 0 Posted May 23, 2019 Author Posted May 23, 2019 When i close eset service from task manger (ekrn.exe) it opens again automatically but the application closes Does that mean i'm safe against any virus even if the application is closed ? Just now, Marcos said: I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-sefense enabled. Please shoot a demonstration video.
Administrators Marcos 5,450 Posted May 24, 2019 Administrators Posted May 24, 2019 4 hours ago, Amr Elsisi said: When i close eset service from task manger (ekrn.exe) it opens again automatically but the application closes What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected.
Amr Elsisi 0 Posted May 24, 2019 Author Posted May 24, 2019 4 hours ago, Marcos said: What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected. I'm windows 7 x64 bit There's a video showing my problem bandicam 2019-05-24 11-11-23-928.rar
Administrators Marcos 5,450 Posted May 24, 2019 Administrators Posted May 24, 2019 It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy.
Amr Elsisi 0 Posted May 25, 2019 Author Posted May 25, 2019 On 5/24/2019 at 11:22 AM, Marcos said: It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy. I don't know! how can i enable it ?
Administrators Marcos 5,450 Posted May 25, 2019 Administrators Posted May 25, 2019 It's enabled by default in HIPS setup:
Amr Elsisi 0 Posted May 27, 2019 Author Posted May 27, 2019 (edited) On 5/25/2019 at 2:37 PM, Marcos said: It's enabled by default in HIPS setup: Self defence is already enabled !! and i still have the same problem Edited May 27, 2019 by Amr Elsisi
Most Valued Members Nightowl 206 Posted May 27, 2019 Most Valued Members Posted May 27, 2019 Are you sure , you are able to close the ESET Service and not the GUI?
Amr Elsisi 0 Posted May 27, 2019 Author Posted May 27, 2019 24 minutes ago, Rami said: Are you sure , you are able to close the ESET Service and not the GUI? ekrn closes but opens again automatically i want the message which says acess denied like any other antivirus and like the screenshot above
itman 1,801 Posted May 27, 2019 Posted May 27, 2019 (edited) Do this. Terminate ekrn.exe in Task Manager. Close Task Manager. Reopen Task Manager and see if ekrn.exe is now running which I suspect it is. What I suspect is the issue is Win 7 Task Manager. It appears to terminate ekrn.exe where in fact it does not. In other words, the attempted ekrn.exe termination silently fails. In Win 10, ekrn.exe runs as a protected process - antimalware; i.e. PPL. This is what causes the access denied popup to appear and prevents Task Manager from attempting to terminate ekrn.exe. Edited May 27, 2019 by itman
itman 1,801 Posted May 27, 2019 Posted May 27, 2019 4 minutes ago, Amr Elsisi said: i want the message which says acess denied like any other antivirus and like the screenshot above As I just posted, upgrade to Win 10 and you will receive the access denied message. Win 7 does not support/provide protected process protection.
ESET Insiders stackz 115 Posted May 27, 2019 ESET Insiders Posted May 27, 2019 In windows 7, any attempt to terminate an ESET process from task manager fails and displays the following message box
itman 1,801 Posted May 27, 2019 Posted May 27, 2019 2 hours ago, stackz said: In windows 7, any attempt to terminate an ESET process from task manager fails and displays the following message box Now that it has been established that access denied popup should also be appearing in Win 7, it appears that the OP's Win 7 service permissions are corrupted. Refer to the below screen shot. Ekrn.exe service permission is Read only. If OP's service permissions on Win 7 are corrupted, this is a major security issue for him since other Win 7 services might be affected which obviously don't employ self-protection mechanisms such as Eset has.
zamar27 5 Posted May 28, 2019 Posted May 28, 2019 So it makes sense to upgrade to Win 10. One can read more about protected processes in Protecting Anti-Malware Services.
Recommended Posts