how find child process & stop them?

[r2du-soft]

hi
for Example:
this code just close process



set "process=firefox.exe"
for /f "tokens=2" %%i in ('tasklist /nh /fi "imagename eq %process%" 2^>nul') do set PID =%%i
taskkill /f /pid %PID% /t

but not close child process

how set child process = %PID2% & close them?

[foxidrive]

See here:

taskkill /?

[r2du-soft]

See here:

taskkill /?

taskkill close a process But Some process Have child process & taskkill not close child process , this process I was close them , for Is an antivirus!

this process ( egui.exe & ekrn.exe ) have child process That With code taskkill not close them!

[foxidrive]

Did you read the taskkill help about child processes?



I must say that stopping an AV program could be difficult because they can have multiple services and when one service is killed then the remaining services will restart it. It's designed to stop malware from disabling it.

[r2du-soft]

Did you read the taskkill help about child processes?




I must say that stopping an AV program could be difficult because they can have multiple services and when one service is killed then the remaining services will restart it. It's designed to stop malware from disabling it.

im read doc help for taskkill but not find code for close child processes!!

[Ed Dyreen]

'
Hi Foxi,

I must say that stopping an AV program could be difficult because they can have multiple services and when one service is killed then the remaining services will restart it.

Some AV services may not allow being stopped by taskkill with administrator privileges but the ones that do should respect the user-/program's wish.

It's designed to stop malware from disabling it.

How would AV know whether the disable request is from a legitimate program/user or malware if it isn't detected as is malware ?

This isn't the case with symantec nor bitDefender 2008.
I would be surprised to find out their policy would have changed with their newer releases.
Where did you get that info ?

[abc0502]

@r2du-soft please have a look at this:

C:\Users\Administrator>taskkill /?

TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/T] [/F]

Description:
This tool is used to terminate tasks by process id (PID) or image name.

Parameter List:
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which the
command should execute.

/P [password] Specifies the password for the given user
context. Prompts for input if omitted.

/FI filter Applies a filter to select a set of tasks.
Allows "*" to be used. ex. imagename eq acme*

/PID processid Specifies the PID of the process to be terminated.
Use TaskList to get the PID.

/IM imagename Specifies the image name of the process
to be terminated. Wildcard '*' can be used
to specify all tasks or image names.

/T Terminates the specified process and any
child processes which were started by it.

/F Specifies to forcefully terminate the process(es).

/? Displays this help message.

/T switch terminate the process and it's child processes

[r2du-soft]

no!
this switch ( /t ) not close child process but show number child process

Code: Select all

/T Terminates the specified process and any
child processes which were started by it.

please see this picture All comments seen In Photos:



1- im how set child process = Variable1 ?
2- Apart from close ( pid process our child process ) What Other methods for close (stop) process ?

[abc0502]

The error reason is access denied, you don't have permission, do you use windows 7 ?

[r2du-soft]

The error reason is access denied, you don't have permission, do you use windows 7 ?

yes , my windows is 7 32bit
and
this process is antivirus process

[aGerman]

this process is antivirus process

In this case it makes perfect sense that you are not allowed to terminate the process. Otherwise each virus could do it as well.

Regards
aGerman

[r2du-soft]

this process is antivirus process

In this case it makes perfect sense that you are not allowed to terminate the process. Otherwise each virus could do it as well.

Regards
aGerman

but A friend make a program for nod32 (For backup from update nod32 antivirus )
that program backup files *.dat
When restore *.dat files must user goto safe mode and restore them
BUT The program At That my freand maked , user for restore backup Safe mode does not require (when open restore update.exe = nod32 full close & updates {*.dat} restore and started nod32 Updated Without a even Restart !!!!!)
How is that be possible?
* this program Writing whit nsis (Nullsoft Scriptable Install System) *

[abc0502]

you can try providing a password when killing the process, i don't know if that would even work,
But if did that will complicate every thing.

[aGerman]

You can run a program in elevated mode. In that case the program itself prompts the user for confirmation. This will work in case the user has administrator rights.
Did you try to run your batch file in elevated mode (right click, "Run as Administrator")?

Regards
aGerman

[r2du-soft]

You can run a program in elevated mode. In that case the program itself prompts the user for confirmation. This will work in case the user has administrator rights.
Did you try to run your batch file in elevated mode (right click, "Run as Administrator")?

Regards
aGerman

no im open file Normal!
I've tested ( Run as Administrator ) but Again FAIL ! (Access is denied)