Sign in to follow this  
Followers 0
dfrith20

Disable kill in TaskManager

4 posts in this topic

Hi, I know there are a couple of threads here talking about this topic that have been closed because it has been assumed the poster is trying to create malware or similar.

I have a legitimate need to stop users using Task Manager to kill the autoit.exe.

We are using AutoIT within a large terminal server environment to provide a session idle timeout feature. I won’t go into the details of why we are not using the built in RDP session timeout – but trust me, there is good reason.

The script is launching in the user’s context, and therefore they have rights to kill it. We think a couple of users have worked this out, and are therefore bypassing the timeout set.

As a backup, if there is no easy answer, I’m planning to compile the script as an EXE with an odd name, to provide some security via obscurity – however if there is a more elegant solution, I’d be keen to find out.

Using a monitoring script is also a possibility of course, but that’s also not pretty.

We also prefer to keep task manager available, as it is a very handy troubleshooting tool

If you know a solution, but are concerned about posting it on this forum, you can send it to my email: david.frith <at> svhm.org.au

Thanks

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I'm not the most experienced guy ever but I don't think there is a way you can disable only part of the ask manager. Users can either use it or they can't. I also can't figure out a good reason why you wouldn't use the tool that was designed to do what you are asking. I would suggest you state what your "legitimate need" is because it seems pretty malicious to me.

Edited by Reeling

Share this post


Link to post
Share on other sites

I too have found that there are some posts that were blocked because this apparentely is/maybe used for some virus creation....

But i am trying to make the opposite. I'm trying to create an exe blocker/allower exactly to prevent infections.

I found this great and simple piece of code that looks like a great start:

My little app will be an exe blocker and also a SRP UI. But for this i would like to have the process protected from termination, is it possible?

Again, sorry if i broke any rules and for reviving this old thread.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0