Created
March 11, 2026 23:43
-
-
Save joshooaj/867324a2c8e9e0f6bb83d11fca1f82ca to your computer and use it in GitHub Desktop.
Watch for new processes and write information about them to the terminal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This just writes text to the terminal with Write-Host and isn't useful for long-term monitoring or logging or automation | |
| $job = Register-CimIndicationEvent -Query "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'" -SourceIdentifier ProcessWatcher -Action { | |
| param($sender, $e) | |
| $p = $e.NewEvent.TargetInstance | |
| Write-Host "`n---------`n" | |
| Write-Host "Process: $($p.Name)" | |
| Write-Host "ProcessId: $($p.ProcessId)" | |
| Write-Host "Path: $($p.Path)" | |
| Write-Host "CommandLine:" | |
| Write-Host " $($p.CommandLine)" | |
| } | |
| # When you're tired of junk being written to the terminal, remove the background job with... | |
| # $job | Remove-Job -Force |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment