Isn’t there any way to prevent certain process from being killed?
Thanks in advance.
I guess (I haven’t tested it) that you can hook NtTerminateProcess kernel
service in order to avoid process killing by returning an appropiate
NTSTATUS value (for example STATUS_ACCESS_DENIED) and then not calling the
old NtTerminateProcess service.
Best regards,
Jose Vicente.