How do I kill an 'access denied' process?
-
When I try to use taskmanager to kill certain processes, it says 'access denied'. What I really need to know is how these files are registered as 'protected'. Why can I not kill ZoneAlarm's process? or my AV Symantec Corporate? This is really frustrating. Also, why can I not delete files that are currently in use? I know that it can cause a lot more than just system instability. but how does windows protect files, as well as processes? Wouldn't it be possible to have a program that would act like a virus, it would just tell the hdd to overwrite those particular clusters, period. Is there a service that protects files / processes? Or is it even more subtle than that? The thing that I don't understand is how the permissions are set for this...can't I set the 'permissions' (or whatever they are called) to allow me to kill any process? To sum up...I was thinking that this 'magical' prog could either: 1. delete the process from memory, like a virus. 2. reset the permissions for the process, so that I can kill it myself. Any suggstions are very much appreciated. sanjeev sharma software engineer Blog
-
When I try to use taskmanager to kill certain processes, it says 'access denied'. What I really need to know is how these files are registered as 'protected'. Why can I not kill ZoneAlarm's process? or my AV Symantec Corporate? This is really frustrating. Also, why can I not delete files that are currently in use? I know that it can cause a lot more than just system instability. but how does windows protect files, as well as processes? Wouldn't it be possible to have a program that would act like a virus, it would just tell the hdd to overwrite those particular clusters, period. Is there a service that protects files / processes? Or is it even more subtle than that? The thing that I don't understand is how the permissions are set for this...can't I set the 'permissions' (or whatever they are called) to allow me to kill any process? To sum up...I was thinking that this 'magical' prog could either: 1. delete the process from memory, like a virus. 2. reset the permissions for the process, so that I can kill it myself. Any suggstions are very much appreciated. sanjeev sharma software engineer Blog
-
Hi, Try using third party softwares ... like tuneup utilities,etc... Regards, Vimal
If U Get Errors U Will Learn If U Don't Get Errors U Have Learnt
-
When I try to use taskmanager to kill certain processes, it says 'access denied'. What I really need to know is how these files are registered as 'protected'. Why can I not kill ZoneAlarm's process? or my AV Symantec Corporate? This is really frustrating. Also, why can I not delete files that are currently in use? I know that it can cause a lot more than just system instability. but how does windows protect files, as well as processes? Wouldn't it be possible to have a program that would act like a virus, it would just tell the hdd to overwrite those particular clusters, period. Is there a service that protects files / processes? Or is it even more subtle than that? The thing that I don't understand is how the permissions are set for this...can't I set the 'permissions' (or whatever they are called) to allow me to kill any process? To sum up...I was thinking that this 'magical' prog could either: 1. delete the process from memory, like a virus. 2. reset the permissions for the process, so that I can kill it myself. Any suggstions are very much appreciated. sanjeev sharma software engineer Blog
The reason is that these processes are using hooks into very low level functions of the OS - things like virus scanners, CD copy protection, etc often do this because they need to intercept calls to hardware functions or file access functions. The OS will not allow you to kill these processes because as I understand it, the protections around functions that run at this level are much less robust, therefore there is greater danger of causing damage if a function terminates unexpectedly. Why do you want to kill these processes - or is this just something that interests you?
-
When I try to use taskmanager to kill certain processes, it says 'access denied'. What I really need to know is how these files are registered as 'protected'. Why can I not kill ZoneAlarm's process? or my AV Symantec Corporate? This is really frustrating. Also, why can I not delete files that are currently in use? I know that it can cause a lot more than just system instability. but how does windows protect files, as well as processes? Wouldn't it be possible to have a program that would act like a virus, it would just tell the hdd to overwrite those particular clusters, period. Is there a service that protects files / processes? Or is it even more subtle than that? The thing that I don't understand is how the permissions are set for this...can't I set the 'permissions' (or whatever they are called) to allow me to kill any process? To sum up...I was thinking that this 'magical' prog could either: 1. delete the process from memory, like a virus. 2. reset the permissions for the process, so that I can kill it myself. Any suggstions are very much appreciated. sanjeev sharma software engineer Blog
Just because your an admin on the machine doesn't mean you have "God" rights to everything. These processes cannot be killed because they're running in a system security context, basically in Ring 0 in the kernel space. Even as an Admin, you have no rights to kill a Ring 0 process.
sharma sanjeev wrote:
Wouldn't it be possible to have a program that would act like a virus, it would just tell the hdd to overwrite those particular clusters, period.
No, because those blocks will be locked by the filesystem.
sharma sanjeev wrote:
Is there a service that protects files / processes?
No, it's built into the NTFS and Security subsystems. They are not services that you see in the Service Manager.
sharma sanjeev wrote:
can't I set the 'permissions' (or whatever they are called) to allow me to kill any process?
No. You can't kill, or even get permissions to kill, a process that's above your own security level.
sharma sanjeev wrote:
1. delete the process from memory, like a virus.
Can't be done. Did you think the Security Manager was just there for looks?
sharma sanjeev wrote:
2. reset the permissions for the process, so that I can kill it myself.
You cannot grant yourself permissions higher than your own account. Again, security is there for a reason.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007 -
Just because your an admin on the machine doesn't mean you have "God" rights to everything. These processes cannot be killed because they're running in a system security context, basically in Ring 0 in the kernel space. Even as an Admin, you have no rights to kill a Ring 0 process.
sharma sanjeev wrote:
Wouldn't it be possible to have a program that would act like a virus, it would just tell the hdd to overwrite those particular clusters, period.
No, because those blocks will be locked by the filesystem.
sharma sanjeev wrote:
Is there a service that protects files / processes?
No, it's built into the NTFS and Security subsystems. They are not services that you see in the Service Manager.
sharma sanjeev wrote:
can't I set the 'permissions' (or whatever they are called) to allow me to kill any process?
No. You can't kill, or even get permissions to kill, a process that's above your own security level.
sharma sanjeev wrote:
1. delete the process from memory, like a virus.
Can't be done. Did you think the Security Manager was just there for looks?
sharma sanjeev wrote:
2. reset the permissions for the process, so that I can kill it myself.
You cannot grant yourself permissions higher than your own account. Again, security is there for a reason.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007So very true. Your Pentium or Pentium compatible processor has different modes that it can run in. Two of the most common are Real Mode and Protected Mode. Real Mode is a 16bit mode where one application can access and manipulate virtually everything in memory. DOS and early versions of Windows ran in Real Mode. Current operating systems run in Protected Mode. Protected Mode has 4 'rings' of protection, where Real Mode has no rings. 'Ring 0' is the ring that has access to everything. As you get into higher rings you get more and more restricted. Computer users generally have ring 2 or 3 permissions or something. That ring level does not have the rights to change its ring level. Access denied. You have to hack into the OS to do that. At that stage, whatever code you're running is a part of the 'OS' now. A screw up in coding can crash your computer or possibly even fry some hardware. This whole reply is off of memory, so if anyone notices any inaccurate information, I will not be offended by a correction.
-
When I try to use taskmanager to kill certain processes, it says 'access denied'. What I really need to know is how these files are registered as 'protected'. Why can I not kill ZoneAlarm's process? or my AV Symantec Corporate? This is really frustrating. Also, why can I not delete files that are currently in use? I know that it can cause a lot more than just system instability. but how does windows protect files, as well as processes? Wouldn't it be possible to have a program that would act like a virus, it would just tell the hdd to overwrite those particular clusters, period. Is there a service that protects files / processes? Or is it even more subtle than that? The thing that I don't understand is how the permissions are set for this...can't I set the 'permissions' (or whatever they are called) to allow me to kill any process? To sum up...I was thinking that this 'magical' prog could either: 1. delete the process from memory, like a virus. 2. reset the permissions for the process, so that I can kill it myself. Any suggstions are very much appreciated. sanjeev sharma software engineer Blog
Hi sanjeev, Try SysInternal's pskill. You need to be an Administrator on the Local machine. If you have Debug Rights on the machine, you can get that group. Jeff