Jump to content

Easy Protection !!!!

Amr Elsisi
 Share

Recommended Posts

Amr Elsisi

Amr Elsisi 0

Posted
Posted

I've just downloaded,Installed ESET smart security premium,And i can just simply close it from task manger

That's mean if someone hacked my pc he can just close the antivirus then uninstall it in 1 minute !

Is that the antivirus or it's a bug !

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-sefense enabled. Please shoot a demonstration video.

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted

Strange behavior with equiProxy.exe using Win 10 Task Manager. If you try to end the process, you won't get an access denied message. Appears Task Manager just ignores the termination request. In Process Explorer, you will get an access denied message if you try to suspend/terminate equiProxy.exe.

Link to comment
Share on other sites
Amr Elsisi

Amr Elsisi 0

Posted
  • Author
Posted

When i close eset service from task manger (ekrn.exe) it opens again automatically but the application closes

Does that mean i'm safe against any virus even if the application is closed ?

Just now, Marcos said:

I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-sefense enabled. Please shoot a demonstration video.

 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted
4 hours ago, Amr Elsisi said:

When i close eset service from task manger (ekrn.exe) it opens again automatically but the application closes

What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected.

 

image.png

Link to comment
Share on other sites
Amr Elsisi

Amr Elsisi 0

Posted
  • Author
Posted
4 hours ago, Marcos said:

What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected.

 

image.png

I'm windows 7 x64 bit

There's a video showing my problem

bandicam 2019-05-24 11-11-23-928.rar

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy.

Link to comment
Share on other sites
Amr Elsisi

Amr Elsisi 0

Posted
  • Author
Posted
On 5/24/2019 at 11:22 AM, Marcos said:

It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy.

I don't know! how can i enable it ?

Link to comment
Share on other sites
Amr Elsisi

Amr Elsisi 0

Posted
  • Author
Posted (edited)
On 5/25/2019 at 2:37 PM, Marcos said:

It's enabled by default in HIPS setup:

image.png

Self defence is already enabled !!

and i still have the same problem

Edited by Amr Elsisi
Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 202

Posted
  • Most Valued Members
Posted

Are you sure , you are able to close the ESET Service and not the GUI?

Link to comment
Share on other sites
Amr Elsisi

Amr Elsisi 0

Posted
  • Author
Posted
24 minutes ago, Rami said:

Are you sure , you are able to close the ESET Service and not the GUI?

ekrn closes but opens again automatically 

i want the message which says acess denied like any other antivirus and like the screenshot above

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

Do this.

Terminate ekrn.exe in Task Manager. Close Task Manager. Reopen Task Manager and see if ekrn.exe is now running which I suspect it is.

What I suspect is the issue is Win 7 Task Manager. It appears to terminate ekrn.exe where in fact it does not. In other words, the attempted ekrn.exe termination silently fails.

In Win 10, ekrn.exe runs as a protected process - antimalware; i.e. PPL. This is what causes the access denied popup to appear and prevents Task Manager from attempting to terminate ekrn.exe.

Edited by itman
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted
4 minutes ago, Amr Elsisi said:

i want the message which says acess denied like any other antivirus and like the screenshot above

As I just posted, upgrade to Win 10 and you will receive the access denied message. Win 7 does not support/provide protected process protection.

Link to comment
Share on other sites
  • ESET Insiders
stackz

stackz 112

Posted
  • ESET Insiders
Posted

In windows 7, any attempt to terminate an ESET process from task manager fails and displays the following message box

 

terminate.JPG

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted

 

2 hours ago, stackz said:

In windows 7, any attempt to terminate an ESET process from task manager fails and displays the following message box

Now that it has been established that access denied popup should also be appearing in Win 7, it appears that the OP's Win 7 service permissions are corrupted. Refer to the below screen shot. Ekrn.exe service permission is Read only. If OP's service permissions on Win 7 are corrupted, this is a major security issue for him since other Win 7 services might be affected which obviously don't employ self-protection mechanisms such as Eset has.

Eset_ekrn.thumb.png.c2f32ab507bf97fa45974b44a140f88e.png

 

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...