Hey,
I recently tried to kill the AV processes of, for example, AVG. My payload had SYSTEM privileges, but I couldn't kill the AV processes, which also run under the SYSTEM user.
I noticed a process belonging to AVG that ran higher than SYSTEM. Is it common that an AV has some sort of process which runs in kernel mode or something that protects the other processes?
Is there even a way to kill the AV as a SYSTEM user?