This simple chunk of code will find newly launched processes (specifically their process IDs) that have started between a given period:


 $existingProcessPids = Get-Process -ErrorAction SilentlyContinue | Select -ExpandProperty Id  

 #new processes launched here
 start-process notepad.exe
 start-process cmd.exe

 $newProcessIds = Get-Process -ErrorAction SilentlyContinue | where-object { $existingProcessPids -notcontains $_.Id } | select -ExpandProperty Id

 write-host $newProcessIds

 

Find Newly Launched Processes
Comments have now been disabled. If you have a question to ask about this post please ask the community!