How to prevent process from being killed on Windows

Question

I have some processes running on Windows 10 and I don't want them exit or close by anything inside or outside. I want to protect them. Anyone can tell me what I need to do or introduce me some tools to do this. Thank you so much

Answer 1

If you implement your "important" process as a service then a normal user will not be able to stop or kill it.

Preventing someone with administrator privileges from killing your process is very hard and I would recommend that you don't try to stop them.

Administrators can stop services, debug (and therefore kill) processes they did not start, run code as the system user and load kernel drives. There are only two ways to (try to) stop them:

• If you are a real Antivirus/Antimalware vendor then you can create ELAM drivers and protected services. (Protected services can be debugged by a kernel debugger)
• Create a kernel driver that prevents certain access rights when processes call OpenProcess and/or use dirty tricks to hide your process from the list of processes so it does not show up in task manager and other tools. Most people would consider this a pretty evil thing to do! You will have to fight with PatchGuard and Antivirus software if you try to do this.