MikeL

Self Defense - Process ID (Name)

Is there any way to make the logs and email display the actual process name of the PID that is trying to access the restricted PID?

For instance:

Process (PID 3176) tried to access Kaspersky Anti-Virus process (PID 3760), but the action has been blocked by the Self-Defense component. No action on your part is necessary.

Is it possible to make it list the actual .EXE filename which initiated the access attempt?

Thanks,

Mike

Hello Mike,

Unfortunately that seems like a feature that should be requested :)

Hello,

Actually if you want to know which process has this PID, you must read this FAQ.

D.

Thanks, but I know how to find out what process has the PID. I was just curious if there's any way to make KL Admin Kit report the actual process name rather than only listing the PID. Reason being is sometimes a process will open then close immediately after, not allowing you to see what caused the event.

That would be an excellent feature request for next version of WKS.

Added to suggestions. :)

If anyone can think of a way to accomplish this in the current release, I'd appreciate some ideas. Maybe something along the lines of running an executable that will gather this info from the remote PC and report it to a log file of some sort. I was trying to create something with Sysinternals pslist, but the admin kit didn't like the .cmd file I was executing it from too much.

Thanks,

Mike

Hello,

Administration Kit can only deploy .bat and .exe files; you can create your own package with this kind of extension using pslist.exe.

OK, let's say you can use the pslist tool to list all PIDs, but there is a problem I think. You can create this list at a specific moment, I mean not in real time. Then how will you know that a specific PID corresponds to a specific process? Especially if this process is opened then closed immediately.

This can be a good feature request, but I don't really know why you want to have the list of PIDs trying to access avp.exe.

Edited by Tybilly
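
The snapshot problem raised in the post above, as an added example that is not part of any post in this thread and is not Kaspersky or Administration Kit code: a PID in a Self-Defense message can only be named reliably by matching the event time against a continuous record of process starts and stops, because a later snapshot shows either nothing or whichever process has since reused the PID. The log format, image names and all timestamps below are constructed assumptions; only the message text comes from the first post.

```python
import re
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Matches the Self-Defense message text quoted in the first post.
EVENT_RE = re.compile(r"Process \(PID (\d+)\) tried to access .*? process \(PID (\d+)\)")

# Constructed sample of a continuous process start/stop log (assumed format:
# pid, image, start, stop; stop is None while the process is still running).
# PID 3176 is reused: its first owner lived for one second.
PROCESS_LOG = [
    (3760, "avp.exe", "2009-03-02 08:00:05", None),
    (3176, "updater.exe", "2009-03-02 09:14:59", "2009-03-02 09:15:00"),
    (3176, "notepad.exe", "2009-03-02 09:20:11", None),
]

def parse_event(message):
    """Return (source_pid, target_pid) from a Self-Defense message."""
    m = EVENT_RE.search(message)
    if m is None:
        raise ValueError("not a Self-Defense access message")
    return int(m.group(1)), int(m.group(2))

def owner_at(pid, when, log=PROCESS_LOG):
    """Return the image that held `pid` at time `when`, or None if unknown."""
    t = datetime.strptime(when, FMT)
    best = None
    for rec_pid, image, start, stop in log:
        if rec_pid != pid:
            continue
        started = datetime.strptime(start, FMT)
        stopped = datetime.strptime(stop, FMT) if stop else datetime.max
        # Among lifetimes covering `t`, prefer the most recently started one.
        if started <= t <= stopped and (best is None or started > best[0]):
            best = (started, image)
    return best[1] if best else None

def resolve(message, when, log=PROCESS_LOG):
    """Map both PIDs in a message to image names as of the event time."""
    source_pid, target_pid = parse_event(message)
    return owner_at(source_pid, when, log), owner_at(target_pid, when, log)

if __name__ == "__main__":
    msg = ("Process (PID 3176) tried to access Kaspersky Anti-Virus process "
           "(PID 3760), but the action has been blocked by the Self-Defense component.")
    print(resolve(msg, "2009-03-02 09:15:00"))  # event time (constructed)
    print(resolve(msg, "2009-03-02 09:25:00"))  # a later snapshot names the wrong process
```
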

Because it's a good idea to track IF malicious programs are opening avp, this way you can discipline users :)
