Why Process Hacker is being Flagged as Riskware?

Discussion in 'other security issues & news' started by sg09, Jul 28, 2018.

  1. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    I do not regularly use it... Perhaps I last used it a few years back, but I keep it updated for emergency purposes in the PortableApps library.

    Today, WSA flagged the 32- and 64-bit .sys files [kprocesshacker.sys] as W32.Riskware.Processhacker.

    SHA256: 70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4

    SHA256: 0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc

    I checked the files on VT and found that they are indeed detected by some prominent names, such as Kaspersky, Dr. Web, Sophos, QuickHeal, Fortinet, etc.

    Sophos even has a threat analysis page on Process Hacker!

    https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Process Hacker.aspx

    Bitdefender perhaps also detects it as a Potential Unwanted Application.
    https://wj32.org/processhacker/forums/viewtopic.php?t=2919

    "Process Hacker is detected as Potential Unwanted Application (PUA/PUP) by AV Defender because it might nefariously interfere with AV Defender Services rendering them inoperable and unable to protect the end user against threats."

    Why is that?

    AFAIK it is a powerful task manager that lets you do some customization, but no novice user does that...

    If software that lets you power-customize your system falls within the definition of riskware, then a whole bunch of tools, e.g. Autoruns and Process Explorer, should also fall into this category, shouldn't they?

    I have submitted the files as an FP to Webroot, although I am sure that they did this intentionally.
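The two SHA256 values quoted above are the only hard identifiers in this post, and before submitting a false-positive report it is worth confirming that the files on your own disk are really the ones the vendor flagged. The following is an added example, not code from this thread or from the Process Hacker project: it streams local files through SHA256 and reports any whose digest is in the list of reported hashes. The two digests and the detection name come from the post; the directory walk, the `.sys` filter and the constructed sample file are assumptions of the example and the sample bytes are not a real driver.

```python
"""Match local files against SHA256 values reported as detected.

Added example (not from the forum thread). The two hashes in REPORTED_HASHES
are the ones quoted in the post for kprocesshacker.sys; everything else
(directory scan, sample file) is constructed for illustration.
"""
import hashlib
import os
import tempfile

# SHA256 values quoted in the post, mapped to the detection name reported there.
REPORTED_HASHES = {
    "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4": "W32.Riskware.Processhacker",
    "0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc": "W32.Riskware.Processhacker",
}


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA256 so large binaries never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path, known=REPORTED_HASHES):
    """Return (hexdigest, detection_name_or_None) for the file at path."""
    digest = sha256_of_file(path)
    return digest, known.get(digest.lower())


def scan_directory(root, known=REPORTED_HASHES, suffix=".sys"):
    """Walk root and return {path: detection_name} for files whose hash is in known.

    Only files ending in suffix are hashed (assumption: driver files are what we
    care about here); pass suffix="" to hash everything.
    """
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if suffix and not name.lower().endswith(suffix):
                continue
            full = os.path.join(dirpath, name)
            _, detection = classify(full, known)
            if detection:
                hits[full] = detection
    return hits


def demo():
    """Scan a constructed .sys file (not a real driver).

    Returns (digest, detection against the reported hashes, detections against a
    list that deliberately contains the constructed file's own digest).
    """
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "kprocesshacker.sys")
        with open(sample, "wb") as f:
            f.write(b"constructed sample bytes, not a real driver\n")
        digest, detection = classify(sample)          # no match expected
        positive = scan_directory(d, known={digest: "constructed-test-entry"})
        return digest, detection, sorted(positive.values())


if __name__ == "__main__":
    print(demo())
```

Run it against the directory that holds your PortableApps copy (for example `scan_directory(r"D:\PortableApps")`) and compare the output with the hashes in the detection alert; a file that does not match the reported digest is a different build than the one the vendor classified, and that is worth saying in the FP submission.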
     
  2. guest

    guest Guest

    Because Process Hacker's driver is vulnerable and easy to exploit.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,440
    Location:
    Slovakia
    It is always up to the AV to decide what category it belongs to. Using PH can actually get you a VAC ban on Steam as well. :cautious:
    PsExec is an MS tool and it is actively used by malware to infect computers, and yet no AV detects it as riskware (except AdAware).
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Can you explain this? Why would it be more risky than, let's say, Process Explorer?
     
  5. guest

    guest Guest

    https://www.sophos.com/kb/127467
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,440
    Location:
    Slovakia
    Indeed, basically PH can terminate any AV, regardless of its self-protection mechanisms. This is a nice definition:
     
  7. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    How are they doing this? Is this because PH's source code is available as open source?

    So, PH has become more powerful and popular. :)

    Exactly...

    Same thought here. It seems that they are scared of being sued by M$. ;)
     
  8. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    I wonder about that. If people were scared, would they announce vulnerabilities in Windows Defender?
     
  9. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    IMO, reporting vulnerabilities in an application is one thing and reporting the whole application as malicious is another thing!
    The developer becomes aware of the issues in the first case, and the consumer gets scared in the second case!
    One may say that PH is a tool intended for power users, who are supposed to understand the reason behind the detection. But I wonder how many power users read the detection names and types! A detection by conservative vendors like Kaspersky can easily turn many off, thinking that the executable is compromised...
     
    Last edited: Aug 15, 2018
  10. dmex

    dmex Registered Member

    Joined:
    Aug 3, 2017
    Posts:
    3
    Location:
    Australia