I am ex msft. I have written windows code in kernel mode. I know that there are acls. I know about psexec too. I was not talking about any of that, but Task Manager as this thread was about.
Personally if I were killing with psexec I would try invoking taskkill.exe.
Ah, ok, sorry I was just trying to be helpful, I wasn't trying to teach you to suck eggs :)
But my main point was (that I implied, but I didn't say) is yes, I remember killing off early versions of microsoft security essentials (when that was its name) with task manager too. Logically, back then the process didn't have a restricted ACL, but it now does.
I didn't actually know you could specify the system user when killing a process with taskkill, thanks
Personally if I were killing with psexec I would try invoking taskkill.exe.