
How do some applications not allow an administrator user to close them? [closed]

I have "Kaspersky Endpoint Security 10" on my Windows. In my place, it has a server application too, and if you want to close the application, you must enter the password which is determined on the server side.

By the way, if you want to close the application process (avp.exe) with Task Manager or Resource Monitor (even if you are an administrator of the current PC and you run these applications as an Administrator), the system tells you that you do not have access to do it. Task Manager alerts:

The Operation could not be completed.
Access is denied.

And Resource Monitor informs:

When attempting to execute the command, the following system error occurred:
Access is denied.

So why? Is there any access level in Windows higher than system administrator? If yes, what is it and who grants it? And if no, what is this error? Does Kaspersky use any special idea? What is that idea?

And finally, can we add this feature to our applications too?

parseh asked Oct 06 '15 09:10





1 Answer

I have "Kaspersky Endpoint Security 10" on my Windows.

I'm so sorry.

Is there any access level in Windows higher than system administrator?

Yes, sort of. There is SYSTEM, which represents the local machine itself and isn't a real user you can log in as. However, as an Administrator you have the ability to set services and tasks up to run as SYSTEM (see e.g. PsExec for how to use this to get a system shell) and change the permissions on files and processes belonging to SYSTEM, so there isn't actually a meaningful security boundary here.

Whilst you can get terminate permission back from administrator, this is unlikely to be the only trick Kaspersky has up its sleeve. There is an ongoing arms race between malware and antivirus authors(*) each trying to automate removing the other, so it would be common to see e.g. persistent re-spawning preventing you from really getting rid of the process.

(* inasmuch as there is any concrete difference these days, when AV may itself be spyware...)

And finally, can we add this feature to our applications too?

Please, no! This only irritates users and does not provide any real enforceable security.

bobince answered Sep 30 '22 19:09
