Why is the self-defense mode blocking KProcessHacker3, a key component of Process Hacker 2? In order to use Process Hacker 2 properly I have to disable a key component of avast. Neither option is acceptable!!!
George
Does avast give a message? If so, what does it say? You may post a screenshot.
If KProcessHacker3 is poking around with avast processes, then I would expect avast's self-defence module to get moving.
As you say the Avast self-defence module is a key component of Avast, so a screenshot could be helpful as Pondus suggests.
KProcessHacker.sys is blocked because it is subverting the Windows security model. It allows a user mode caller (through KProcessHacker's internal IOCTLs) to open processes/threads as a kernel mode requester, basically bypassing standard AV filtering techniques which depend on object manager callback registration (ObRegisterCallbacks). The resulting kernel handle is returned to user mode and can be used to modify the target thread/process (operations like suspend/terminate, modification of virtual memory etc.). This functionality can be easily reused by 3rd party attackers.