I could try to detect if test mode is enabled and depending on if it is or not choose the driver to load, and i could not just have the driver file in the app dir but encrypted in the app resources, such that only if the tool chooses to use the process hacker driver virus scanners will see that file.
To be more precise, it starts sometimes, and I get a message from Avast that Self-Defense has blocked kprocesshacker.sys from touching any Avast processes. FYI, here's the message:
hmm... i will ad an option to not load the driver, just in case, in the next build just add "UseKProcessHacker=false" to the "[Options]" section
does avast free include this selfe defence feature? cause i tryed it in a VM just now with teh free version and it did not comlain Also what happens when the error occurs? Does it forcefully unloads the driver? does it kill the process (i would be surprized if it would do that) I need some more details as i can't reproduce the issue with the free avast version.
Yes, it is Avast Free. Note that it seems to complain if Task Explorer is started with Elevation (as it is not of much use in limited mode). A new one: When I try to view the threads of certain processes (FileZilla 32bit in my case), Task Explorer crashes silently to the Desktop, no error message. It closes as soon as I switch to the Threads tab (or selecting the process if Threads is already open).
Ok, I see, it seams this feature gets only enabled after a reboot, my first tests was just install avast and start task explorer in a VM. After I rebooted the VM I now get the self deffence warning as well.
I'll try to reproduce with the Debug build. Yes, expect similar mechanisms in other AV software (at least in AVG, as it is essentially the same as Avast).
Unfortunately, I can't run the Debug build, as it's the 64bit version. The system in question is a 32bit-only system. Would need the x86 version for that one. Oh, and Zippyshare seems to be blocked here in Europe, getting 403. Had to use TOR Browser.
Strangely, if using the Installer, it always created Start Menu links for the x86 version, even in a x64 environment.
Yes it does, but when the x86 version is started in a x64 environment, it automatically starts the x64 bit version and terminates itself.
Does the Installer include the two ZIP files with the alternative processhacker files? If yes, then, at least with v7, they were never installed anywhere. How does one get them out?
