Adobe Acrobat Reader blocking antivirus tools from scanning loaded PDF documents


  • Staff
Adobe is blocking several antivirus tools actively from scanning PDF documents loaded by its Adobe Acrobat Reader application, according to a security report published by Minerva Labs.

The company found evidence that Adobe is blocking around 30 different security products from scanning loaded PDF documents. The list reads like the who is who of security companies, with one notable exception. Products from Trend Micro, McAfee, Symantec, ESET, Kaspersky, Malwarebytes, Avast, BitDefender and Sophos are blocked, according to the report. The one notable exception, at least from a market share point of view, is Microsoft Defender, which is not blocked by Adobe's software.


jvickers

The lunatics have taken over the asylum
Pro User
VIP
Local time
9:57 PM
Posts
4,389
Location
Deep South, USA
OS
Windows 11 Pro
Hm... this leads me to wonder if Adobe Acrobat Pro blocks antivirus programs as well. I use Symantec's Norton 360.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home built
    CPU
    Ryzen 9 5900X
    Motherboard
    MSI MPG X570 GAMING EDGE WIFI
    Memory
    Crucial Ballistix Sport LT 3200 MHz DDR4 DRAM Desktop Gaming Memory 32MB
    Graphics Card(s)
    ZOTAC RTX 3060 Twin Edge OC/ ZOTAC Gaming GeForce GTX 1660 Super 6GB GDDR6 192-bit Gaming Graphics Card
    Sound Card
    Proprietary
    Monitor(s) Displays
    ViewSonic XG2530 25"/Benq XL2411P 24"/ Samsung SyncMaster BX2331 23"
    Screen Resolution
    1920x1080 240Hz/144Hz/60Hz (based on monitor setup above)
    Hard Drives
    SK hynix Gold P31 1TB PCIe NVMe Gen3 M.2 2280 Internal SSD
    ADATA XPG SX8200 Pro 1TB
    Samsung SSD 860 EVO 1TB 2.5 Inch SATA III Internal SSD
    PSU
    Thermaltake Smart 700W 80+ White Certified PSU
    Case
    Rosewill ATX Mid Tower Gaming Computer Case, Gaming Case with Blue LED for Desktop
    Cooling
    Corsair iCUE H60i RGB PRO XT Liquid CPU Cooler
    Keyboard
    Corsair K70
    Mouse
    Logitech MX Master 3
    Internet Speed
    120MB/s Download/ 10MB/s Upload
    Browser
    Edge (Chromium)
    Antivirus
    Norton 360
  • Operating System
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    AMD FX Black Edition
    Motherboard
    Asus M5A97 LE R2.0
    Memory
    16MB DDR
    Graphics card(s)
    I forget, but it's old.
    Sound Card
    Propietary
    Monitor(s) Displays
    ACER LED 24"
    Screen Resolution
    1920X1080
    Hard Drives
    1TB Samsung SSD 3.5"
    Case
    Corsair
    Cooling
    Stock
    Mouse
    Logitech
    Keyboard
    Logitech
    Internet Speed
    120MB/10MB
    Browser
    Chrome
    Antivirus
    Norton 360
    Other Info
    Currently taken down because of a lack of space :-(
    Maybe I'll make room somewhere and connect to the Dev channel if possible.

Mooly

Active member
VIP
Local time
2:57 AM
Posts
122
OS
W11 Pro x64 21H2
Adobe is blocking several antivirus tools actively from scanning PDF documents loaded by its Adobe Acrobat Reader application.....

Would/should an application (so Adobe in this case) interfering with an AV product not be classed as potential malware by the running AV product?

Perhaps Defender actually would flag the product as malicious as it detected it was being inhibited in some way and so that is why Defender is not actively blocked. Maybe it is one of the few products that can detect this behaviour.

If an application can do this then what is to stop similar strategies being used by true malware. And what good are products that can not detect this happening?
 

My Computer

System One

  • OS
    W11 Pro x64 21H2
    Computer type
    Laptop
    Manufacturer/Model
    Dell 7760 Mobile Precision 17"
    CPU
    Intel i5
    Motherboard
    Unknown
    Memory
    8Gb
    Graphics Card(s)
    Intel HD Graphics
    Sound Card
    Realtek
    Monitor(s) Displays
    Internal
    Hard Drives
    2 x 256Gb SSD
    PSU
    Dell 240 watt
    Mouse
    Dell Premier Bluetooth
    Internet Speed
    50Mbps
    Browser
    Edge
    Antivirus
    Default Microsoft Security

Ghot

Well-known member
Pro User
VIP
Local time
9:57 PM
Posts
3,107
Location
PA, USA
OS
Win 11 Home ♦♦♦22000.739
Hm... this leads me to wonder if Adobe Acrobat Pro blocks antivirus programs as well. I use Symantec's Norton 360.


Here is the full list of affected companies and products:


Trend Micro, BitDefender, AVAST, F-Secure, McAfee, 360 Security, Citrix, Symantec, Morphisec, Malwarebytes, Checkpoint, Ahnlab, Cylance, Sophos, CyberArk, Citrix, BullGuard, Panda Security, Fortinet, Emsisoft, ESET, K7 TotalSecurity, Kaspersky, AVG, CMC Internet Security, Samsung Smart Security ESCORT, Moon Secure, NOD32, PC Matic, SentryBay



Adobe's software doesn't block MS Defender, just everyone else. Seems a bit suspicious to me. ^^
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22000.739
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    (onboard) Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    LG GH22LS30 CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    COOLER MASTER ATCS 840 Full Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    100/100
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security (latest)
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot®
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    100/100
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?

    http://www.xtremesystems.org/forums/showthread.php?183088-5000-B-E-on-M2N32-SLI-Dlx-Overclocked&p=2891724#post2891724

Superfly

Well-known member
Member
VIP
Local time
3:57 AM
Posts
443
OS
Windows
Would/should an application (so Adobe in this case) interfering with an AV product not be classed as potential malware by the running AV product?

Perhaps Defender actually would flag the product as malicious as it detected it was being inhibited in some way and so that is why Defender is not actively blocked. Maybe it is one of the few products that can detect this behaviour.

If an application can do this then what is to stop similar strategies being used by true malware. And what good are products that can not detect this happening?
Adobe, or any vendor for that matter, cannot thwart AV IMHO - the AV lies in the kernel process (highest in the OS hierarchy) and will block any attempt by way of heuristics - Adobe is trying to catch those AV checks so that it can implement an "exception rule" in its app so that the AV does not impede its functioning. Not sure why Win Defender is excluded, however - I never really thought much of it anyway, but that's beside the point.
BTW I'm just a security enthusiast, no expert - so my opinion only.
 

My Computer

System One

  • OS
    Windows

Ghot

Adobe, or any vendor for that matter, cannot thwart AV IMHO - the AV lies in the kernel process (highest in the OS hierarchy) and will block any attempt by way of heuristics - Adobe is trying to catch those AV checks so that it can implement an "exception rule" in its app so that the AV does not impede its functioning. Not sure why Win Defender is excluded, however - I never really thought much of it anyway, but that's beside the point.
BTW I'm just a security enthusiast, no expert - so my opinion only.



I've always been surprised by how many programs actually DO have kernel access.
I haven't used Adobe Reader for over 15 years, but someone who does, may want to check that.
 


Superfly

I've always been surprised by how many programs actually DO have kernel access.
I haven't used Adobe Reader for over 15 years, but someone who does, may want to check that.
As with Linux, drivers have to be compiled into the kernel - only MS can compile the Windows kernel so they will have to vet whatever goes into it - I would be very surprised if they allowed a non-AV in there.
 


Ghot

As with Linux, drivers have to be compiled into the kernel - only MS can compile the Windows kernel so they will have to vet whatever goes into it - I would be very surprised if they allowed a non-AV in there.


For example...
AIDA64 has a kernel driver
Most backup softwares that "guard" their backups, have kernel drivers.
Most software that requires a reboot during install and/or uninstall has a kernel component.
And definitely drivers, as you pointed out.

All I still remember about Adobe is that it was terribly bloated. Nero was like that as well.
In either case, I would suspect them as having kernel components as well.

I was just looking at Autorun's Driver tab, and noticed this...

Image1.png


I've never had anything Adobe on Win 11 or Win 10.
But I do remember that fonts are loaded at boot. Too many fonts will drastically slow the boot times.

But... as you also mentioned, this is all more of a hobby of mine, than anything exacting. :)



/edit

I bet Revo Uninstaller has a kernel component. It would almost have to I would think.
Maybe Winaero Tweaker as well. Probably Autoruns, too.
 
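The question raised in the posts above (which installed products actually run a kernel driver) can be checked without Autoruns. The following is an added example, not something posted in the thread; the helper name `Resolve-DriverPath` is made up for it, and it assumes an elevated Windows PowerShell session.

```powershell
# Added example (not from the thread): list running kernel-mode and
# file-system drivers whose version resource names a vendor other than
# Microsoft, together with the Authenticode signer of the driver file.

function Resolve-DriverPath {          # hypothetical helper name
    param([string]$RawPath)
    # Win32_SystemDriver.PathName can be in NT form (\SystemRoot\..., \??\C:\...)
    # or relative to %SystemRoot% (System32\drivers\foo.sys).
    if ([string]::IsNullOrWhiteSpace($RawPath)) { return $null }
    $p = $RawPath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' } |
    ForEach-Object {
        $path   = Resolve-DriverPath $_.PathName
        $exists = $path -and (Test-Path -LiteralPath $path)

        # Vendor comes from the file's version resource, which the file
        # declares about itself; the signature columns are the stronger evidence.
        $vendor = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo.CompanyName } else { $null }
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

        [pscustomobject]@{
            Name      = $_.Name
            Type      = $_.ServiceType      # e.g. "Kernel Driver", "File System Driver"
            Start     = $_.StartMode
            Vendor    = $vendor
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no signer found)' }
            SigStatus = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Path      = $path
        }
    } |
    # Filter on vendor, not signer: third-party drivers are commonly signed by
    # "Microsoft Windows Hardware Compatibility Publisher", so a signer filter
    # on "Microsoft" would hide exactly the drivers this check is looking for.
    Where-Object { $_.Vendor -notmatch 'Microsoft' } |
    Sort-Object Vendor, Name |
    Format-List Name, Type, Start, Vendor, Signer, SigStatus, Path
```

Rows with an empty Vendor or a SigStatus other than `Valid` are the ones worth a closer look in Autoruns or Sigcheck.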

Superfly

For example...
AIDA64 has a kernel driver
Most backup softwares that "guard" their backups, have kernel drivers.
Most software that requires a reboot during install and/or uninstall has a kernel component.
And definitely drivers, as you pointed out.

All I still remember about Adobe is that it was terribly bloated. Nero was like that as well.
In either case, I would suspect them as having kernel components as well.

I was just looking at Autorun's Driver tab, and noticed this...

View attachment 32068


I've never had anything Adobe on Win 11 or Win 10.
But I do remember that fonts are loaded at boot. Too many fonts will drastically slow the boot times.

But... as you also mentioned, this is all more of a hobby of mine, than anything exacting. :)



/edit

I bet Revo Uninstaller has a kernel component. It would almost have to I would think.
These are not related to the Windows NT kernel.

Eg: kerneld.x64 Windows process - What is it?
 


Ghot


Superfly

For example...
AIDA64 has a kernel driver
Most backup softwares that "guard" their backups, have kernel drivers.
Most software that requires a reboot during install and/or uninstall has a kernel component.
And definitely drivers, as you pointed out.

All I still remember about Adobe is that it was terribly bloated. Nero was like that as well.
In either case, I would suspect them as having kernel components as well.

I was just looking at Autorun's Driver tab, and noticed this...

View attachment 32068


I've never had anything Adobe on Win 11 or Win 10.
But I do remember that fonts are loaded at boot. Too many fonts will drastically slow the boot times.

But... as you also mentioned, this is all more of a hobby of mine, than anything exacting. :)



/edit

I bet Revo Uninstaller has a kernel component. It would almost have to I would think.
These are not related to the Windows ntskernel.

Eg: kerneld.x64 Windows process - What is it?
I'm confused.
I know it's not essential for Windows, but it is definitely essential for AIDA64.


The things in this pic are why I assume AIDA64 has a kernel driver.
View attachment 32070
Yep it's in RAM like SMBIOS ... the 'kernel' driver is just to access the info - not part of Windows. I don't know the app that well just an educated guess.
 


Ghot

These are not related to the Windows ntskernel.

Eg: kerneld.x64 Windows process - What is it?

Yep it's in RAM like SMBIOS ... the 'kernel' driver is just to access the info - not part of Windows. I don't know the app that well just an educated guess.


I'm just guessing myself.
Like Autoruns... it pretty much has to have kernel access.
It can start and stop anything... even Windows' kernel drivers.
 


Superfly

I'm just guessing myself.
Like Autoruns... it pretty much has to have kernel access.
It can start and stop anything... even Windows' kernel drivers.
No it does not need kernel access - what it spawns can but that's a whole different topic. I don't use all these apps but believe me if MS allows manipulation of the kernel we are in deep doo-doo!
 


Ghot

No it does not need kernel access - what it spawns can but that's a whole different topic. I don't use all these apps but believe me if MS allows manipulation of the kernel we are in deep doo-doo!


For example... I can uncheck any or all of these. I've used this to absolutely stop Defender.

Image1.png


 


Superfly

For example... I can uncheck any or all of these. I've used this to absolutely stop Defender.

View attachment 32071


Yep those are spawned but you can't get rid of eg: mpsdrv as it's embedded in the kernel... you can just stop execution.

Edit: Anyway past my bedtime - nice discussion tho' cheers mate.
 


Ghot

Yep those are spawned but you can't get rid of eg: mpsdrv as it's embedded in the kernel... you can just stop execution.


Now I'm tempted to try to get rid of c:\windows\system32\drivers\mpsdrv.sys :D

Maybe after my next backup.
 


Ghot

LOL.. good luck... off to bed now.. early start in the am. for me :wink:


Gnite. ;-)


I know... I'll turn myself into a Kernel Driver Hunter...

Image1.png
 
