Jump to content
scar11

AVP.exe process vulnerable to termination techniques used by Process Hacker

Recommended Posts

Hello,

 

I am not sure whether this is a bug or not, but I realized that using Process Hacker, I was able to terminate the AVP.exe processes running by Kaspersky Internet Security 2014 on my computer.

I made sure to have the self-defense of the application enabled, but that did not prevent Process Hacker from terminating AVP.exe.

 

I realized that process hacker can be ran as a command line utility to kill a process. Process Hacker can be transported as a standalone app and so can be embedded in a packed malware. I think that it could

easily be invoked by malware to terminate KAV process which took a certain time to restart automatically in my PC. In the meantime, I was able to successfully download and start EICAR.COM that displayed the

payload meaning that the computer was not protected during this time. I don't know to what extent this could reduce the protection level of Kaspersky, but it certainly does, at least that AVP can be terminated is

I think something that should be addressed seriously.

 

Thanks

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×