Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
[+] Checking for required privileges
[+] Loading the driver
[*] Failed to load the driver
[+] Cleaning up
Win7 Professional 6.1.7601, X64 The driver cannot be loaded and cannot run! Win10 X64 ltsc can run! But when loading drivers, they will be intercepted by AV, so ending them is not very meaningful!