I'm trying to delete a process that is running on my Windows 10 machine but it's not viewable in Task Manager. The only way I can see the process is using "Tasklist" in a command prompt or via Process Hacker. The process persists after a complete shutdown and power-off, even over night, and has the same PID as before on a restart.
The process shows on a different session id to any other and this session id doesn't change after a shut down, there are no other processes running on this session id.
I have tried "Taskkill /PID /F" but this returns the message "End Process failed for 15720:Access is denied.". I am an admin user on my machine.
Following other posts like this one Really killing a process in Windows, I have tried using ProcessHacker to terminate the task but this also fails I assume because it is running the same command underneath. However the properties in ProcessHacker says the Parent is "Non-existent process (19812)".
Any ideas on how I can kill a process in this state?
Edited to add extra detail (18/09/21):
I have attached images of "Task Manager" to show the PID not being shown and "ProcessHacker" where it is being shown
Task Manager Image Process Hacker
As you can see the process does not show in Task Manager and retains the same PID across reboots and this is my problem. This process has been "running" on my machine now for nearly 3 days and has persisted over 5+ shutdowns with the same PID. It is running in "Session ID" 7 which as far as I can tell isn't a valid session on my machine. Here are the properties that Process Hacker is reporting and as you can see the Parent is reported as a non-existent process. Process Hacker Properties.
If I try and terminate the process in "Process Hacker" I get this message Process Hacker terminate message
The process is a service written by the firm I work for and is running on multiple machine at client sites. It is written in C#, not sure what other information you will need but happy to supply it.
Edited with extra detail as requested by the comments (19/09/21)
When I called the process a service I was trying to distinguish between the background process, which is causing the issue, and processes calling it. The process is not a Windows service.
The code used for the process is standard C# code and I've posted it below:
System.Diagnostics.Process[] existing = System.Diagnostics.Process.GetProcessesByName("CMSDocumentContentIndexingService");
foreach (System.Diagnostics.Process process in existing)
{
if (string.Compare(FileSystemLayer.GetFilePath(process.MainModule.FileName),
FileSystemLayer.GetFilePath(Assembly.GetExecutingAssembly().Location), true) == 0)
{
isRunning = true;
break;
}
}
The code that errors is this "process.MainModule.FileName", I assume because the parent can't be found.
I have added a screen print of "Process Explorer", as requested here. The process has again persisted across a shutdown and still has the PID 15720. If I try and "Kill Process" I get the same error message "Access is denied"
Final Update After 4+ days and 10+ shutdowns the process has final been removed. I haven't been able to influence the process at all and no-one has been able to present a solution. So my assumption is some tidy up process has happened after a certain number of days. I thought I should post what the solution was for me in case anyone finds themselves in a similar situation.