Jump to content

Recommended Posts

Posted

I've just downloaded,Installed ESET smart security premium,And i can just simply close it from task manger

That's mean if someone hacked my pc he can just close the antivirus then uninstall it in 1 minute !

Is that the antivirus or it's a bug !

  • Administrators
Posted

I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-sefense enabled. Please shoot a demonstration video.

Posted

Strange behavior with equiProxy.exe using Win 10 Task Manager. If you try to end the process, you won't get an access denied message. Appears Task Manager just ignores the termination request. In Process Explorer, you will get an access denied message if you try to suspend/terminate equiProxy.exe.

Posted

When i close eset service from task manger (ekrn.exe) it opens again automatically but the application closes

Does that mean i'm safe against any virus even if the application is closed ?

Just now, Marcos said:

I strongly doubt that you were able to stop or quit ekrn.exe, especially with self-sefense enabled. Please shoot a demonstration video.

 

  • Administrators
Posted
4 hours ago, Amr Elsisi said:

When i close eset service from task manger (ekrn.exe) it opens again automatically but the application closes

What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected.

 

image.png

Posted
4 hours ago, Marcos said:

What OS do you use? Do you have self-defense enabled? Killing ekrn is not possible with SD on. Even if turned off for whatever reason (e.g. the user forgot to re-enable it after some tests), ekrn should be restarted automatically and keep your computer protected.

 

image.png

I'm windows 7 x64 bit

There's a video showing my problem

bandicam 2019-05-24 11-11-23-928.rar

  • Administrators
Posted

It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy.

Posted
On 5/24/2019 at 11:22 AM, Marcos said:

It looks like self-defense is disabled, is that correct? However, you were not able to terminate ekrn.exe, only egui / egui_proxy.

I don't know! how can i enable it ?

  • Administrators
Posted

It's enabled by default in HIPS setup:

image.png

Posted (edited)
On 5/25/2019 at 2:37 PM, Marcos said:

It's enabled by default in HIPS setup:

image.png

Self defence is already enabled !!

and i still have the same problem

Edited by Amr Elsisi
  • Most Valued Members
Posted

Are you sure , you are able to close the ESET Service and not the GUI?

Posted
24 minutes ago, Rami said:

Are you sure , you are able to close the ESET Service and not the GUI?

ekrn closes but opens again automatically 

i want the message which says acess denied like any other antivirus and like the screenshot above

Posted (edited)

Do this.

Terminate ekrn.exe in Task Manager. Close Task Manager. Reopen Task Manager and see if ekrn.exe is now running which I suspect it is.

What I suspect is the issue is Win 7 Task Manager. It appears to terminate ekrn.exe where in fact it does not. In other words, the attempted ekrn.exe termination silently fails.

In Win 10, ekrn.exe runs as a protected process - antimalware; i.e. PPL. This is what causes the access denied popup to appear and prevents Task Manager from attempting to terminate ekrn.exe.

Edited by itman
Posted
4 minutes ago, Amr Elsisi said:

i want the message which says acess denied like any other antivirus and like the screenshot above

As I just posted, upgrade to Win 10 and you will receive the access denied message. Win 7 does not support/provide protected process protection.

  • ESET Insiders
Posted

In windows 7, any attempt to terminate an ESET process from task manager fails and displays the following message box

 

terminate.JPG

Posted

 

2 hours ago, stackz said:

In windows 7, any attempt to terminate an ESET process from task manager fails and displays the following message box

Now that it has been established that access denied popup should also be appearing in Win 7, it appears that the OP's Win 7 service permissions are corrupted. Refer to the below screen shot. Ekrn.exe service permission is Read only. If OP's service permissions on Win 7 are corrupted, this is a major security issue for him since other Win 7 services might be affected which obviously don't employ self-protection mechanisms such as Eset has.

Eset_ekrn.thumb.png.c2f32ab507bf97fa45974b44a140f88e.png

 

 

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...