Can't Stop-Process access denied

This topic contains 1 reply, has 2 voices, and was last updated by  postanote 1 month, 1 week ago.

  • Author
    Posts
  • #82085

    Jose DeMille
    Participant

    Hey Folks,

    I'm trying to kill all Norton Security processes on my Windows 10 administrative workstation so I can run a clean network vulnerability scan from this machine without interference. I start PowerShell 5.0 Run as Administrator, but I get "access denied" when I run the following: Stop-Process -ProcessName ns.exe

    I believe the problem is due to the ns.exe running owned as a system process.

    Note: I never get the [ADMIN] PS C:\ prompt as shown in the help file Example as shown below:

    PS C:\ Get-Process -Name "lsass" | Stop-Process

    Stop-Process : Cannot stop process 'lsass (596)' because of the following error: Access is denied
    At line:1 char:34
    + Get-Process -Name "lsass" | Stop-Process <<< Get-Process -Name "lsass" | Stop-Process Warning! Are you sure you want to perform this action? Performing operation 'Stop-Process' on Target 'lsass(596)' [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Would anyone be so kind as to provide me with an example of how to successfully stop all Norton Security processes using PowerShell 5.0? Warm Regards, Jose

  • #82093

    postanote
    Participant

    Is this a personal machine or a corporate one?

    If it is the latter then, it's more than likely because of your company's policy and how they have Norton deployed.
    Virtually all of the enterprise AV solutions now have features which allows AV admins to prevent anyone from disabling or turning off the AV software.

    If you are not the AV admin, you can't do this at all.

    There are ways to do it, non-interactively, but that is hacking and not something I or anyone should be providing on this type of forum. If you are the AV administrator, then the AV package settings provides steps to disable the services and or allow administrative overrides.

    So, this is not PowerShell, but AV policies in my experience. Remember. these AV solutions often times run at the lowest level of the OS / security model in order to do what they are designed to do.

    If this is a personal machine, then you have the vendor docs to show you how to disable whatever is in place.

    BTW, have you already tried stopping the Norton services in Service Manager or Stop-Service -DisplayName 'Norton*' -Force

You must be logged in to reply to this topic.