nod32krn process killing

Why the nod32krn process is not protected from killing. If i kill it by task manager it restarts but it is not protected like other antiviruses from process killing. I think that this is a security risk because if virus killes this process it can infect the computer during the time needed for nod32krn process to restart.

 

It's not so important.
Think this example: the av process is protected. You run a malware that try to kill the process of the AV. the malware will can't but it will infect your system without problems. So, if the malware can or can't kill the av process it makes no difference. The main problem is when the AV can't detect the malware, because if NOD detect the malware, then the malware will not have chance to kill any process. Moreover, there're many and many modes for kill process, it's technical impossible to make a process 100% secure from being killed. You can try Process guard from DiamondCS.

 

It's all ok. But when the definitions for that malware are available later with the antivirus with protetcted process you will be protected. And the antivirus without killing protection will be also damaged by mallware so you will not be protected after the availability of definitions. I think that if the antivirus is active it will not get damaged because it is in use. Thats why i think that killing protection is so important. And if it's not important why other antiviruses use that kind of protection.

 

No, for example, if the kernel is protected, the malware will can't delete or damage it because is protected and running, but what happend with the rest of the components? Scanner, Update, etc.
The most hardened AV is KAV and KAV hasn't all process protected. For example, KAV Scanner and Updater aren't protected at all. I'm speaking about 4.5 version, I never used and I don't want to test 5.

 

The other files of the antivirus can be monitored for unauthorised canges, if they were changed the antivirus can alarm you and you will know that something is wrong and get some necesary steps. But the damaged antivirus kernel can't alarm you. Also i can suspend the process "nod32krn" and there is no way to see if the antivirus is paused without special tools or too check that it is not scanning files in AMON status.

 

I agree that KAV is more "hardened" than NOD32, but that's also why it has more compatibility and stability issues on so many systems, and why it kills performance so much more than NOD32.

I love KAV, but man, that's one hell of a security trade-off. I'm using NOD32 right now.

 

If something kill nod32krn.exe, the service restart itself and you'll be protected again.
Moreover, NOD32 Scanner check itself if something has infected nod32.exe and if that occurs, then NOD will alert you and you'll know there're something wrong.

 

When it's killed it will be infected so it can't restart. And with infected kernel you cannot be protected, after that the virus takes the controll of the computer.
I know that NOD32 is one of the best antiviruses and i use it. I have tried KAV and i uninstaled it in 3 days. But i think that ESET should implement the process killing protection in NOD32 and it isn't so hard to implement because many other security products use that, for example: KAV, Ewido, Trojan Hunter etc.

 

I'me having trouble that the NOD installtions on clients HANGS and do not report to the RAS in the specified time window (5 minutes) and thus not updates itself - After several hours/days of hanging and not updating, I decided to KILL the nod32krn process, and after that it worked fine and reportet to the RAS every 5 minutes.... (But some days later it hanged again)

My experience is that nod32krn seems to lock up sometimes when it comes to reporting back to the RAS, and beeing able to KILL/RESET the process without restarting the entire server is crucial to me, so I would not like the process to be KILL protected. (It would make alot more HASSLE when this reporting to RAS hangs occures) - And It happens every now and then on my servers (it seldom happens at the workstations, but come to think about it, they are turned off at night, and restarted in the morning)

So a KILL protection would not be appreciated by me......

--
an10bill

 

If I have understood Nancy McAleavey's post correctly in https://www.wilderssecurity.com/showthread.php?t=62006&highlight=BOClean then running numerous applications/programmes such as NOD32 with their own kill protection is not necessarily beneficial to system stability- much better to have one programme such as Process Guard, as mentioned by sir_carew, to do the job for all that need it.

 

I have to agree.. I seriously doubt that NOD32's anti-termination protection will let you down, but if you are worried about it get ProcessGuard. It will protect everything you want from termination and more.

 

Frankly, there are always ways how to kill a process. Such programs can only make it more difficult, but relying on an idea of being 100% protected is utopic.