Jump to content

Recommended Posts

Hi, I know there are a couple of threads here talking about this topic that have been closed because it has been assumed the poster is trying to create malware or similar.

I have a legitimate need to stop users using Task Manager to kill the autoit.exe.

We are using AutoIT within a large terminal server environment to provide a session idle timeout feature. I won’t go into the details of why we are not using the built in RDP session timeout – but trust me, there is good reason.

The script is launching in the user’s context, and therefore they have rights to kill it. We think a couple of users have worked this out, and are therefore bypassing the timeout set.

As a backup, if there is no easy answer, I’m planning to compile the script as an EXE with an odd name, to provide some security via obscurity – however if there is a more elegant solution, I’d be keen to find out.

Using a monitoring script is also a possibility of course, but that’s also not pretty.

We also prefer to keep task manager available, as it is a very handy troubleshooting tool

If you know a solution, but are concerned about posting it on this forum, you can send it to my email: david.frith <at> svhm.org.au

Thanks

Link to post
Share on other sites

I'm not the most experienced guy ever but I don't think there is a way you can disable only part of the ask manager. Users can either use it or they can't. I also can't figure out a good reason why you wouldn't use the tool that was designed to do what you are asking. I would suggest you state what your "legitimate need" is because it seems pretty malicious to me.

Edited by Reeling
Link to post
Share on other sites
  • 6 months later...

I too have found that there are some posts that were blocked because this apparentely is/maybe used for some virus creation....

But i am trying to make the opposite. I'm trying to create an exe blocker/allower exactly to prevent infections.

I found this great and simple piece of code that looks like a great start:

My little app will be an exe blocker and also a SRP UI. But for this i would like to have the process protected from termination, is it possible?

Again, sorry if i broke any rules and for reviving this old thread.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...