KAV\KIS\KTS\KFA\KS\KSOS: 20.0.14.1085 RC
-
Good news for everyone!
A new version of the beta build is available for download and testing.
You can download the version from the links below.
It can be activated only through the Internet. The beta license is valid for 90 days.
Before installing the new build, please uninstall the previous build (sometimes kavremover may be needed) and reboot the system.
Advice for novice testers
- Do not proceed with testing without reading the instructions;
- All bugs found should be posted in the related topics, so it would be wise to read their headers first. Bug reports should contain all useful info (it will be clear after reading the instruction from p.1);
- The most convenient way to upload big files (traces or dumps): in a .zip archive on OwnCloud;
- Traces as well as app and driver verifiers are enabled in this build;
- This area of the forum is not connected to Tech Support (bugs of beta products are collected here).
Additional Information
Please don't post on the beta forum if you are not participating in the beta testing.
-
It was hardened a lot over the last years, and you have to keep in mind that a malicious program would still have to go through most layers of protection from Kaspersky before it can start a kernel driver and kill avp.exe.
The point is that you need a kernel driver to bypass self-defense.
Trusted application mode, using an account with lower rights, User access control from Windows or whatever it's called, those are all good additional layers of protection against that.
-
Yeah, I know that PH for many years was always able to terminate avp services, but I thought that was hardened in the last years...
-
That's because Process Hacker starts a kernel driver (which requires administrator rights, by the way); said driver gives it elevated rights and so makes it possible to terminate avp.exe.
That's always been possible; you can also use, for example, gmer anti-rootkit.
If you start Process Hacker without admin rights, you won't be able to kill avp.exe.
You can't really protect against that as far as I know, because that happens on kernel level.