Kae Travis

Find Newly Launched Processes

This simple chunk of code finds processes (specifically their process IDs) that were launched between two points in time:


# Record the IDs of every process that is already running
$existingProcessPids = Get-Process -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Id
# New processes launched here
Start-Process notepad.exe
Start-Process cmd.exe
# Any ID that was not in the first list belongs to a newly launched process
$newProcessIds = Get-Process -ErrorAction SilentlyContinue | Where-Object { $existingProcessPids -notcontains $_.Id } | Select-Object -ExpandProperty Id
Write-Host $newProcessIds
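
An added example (not code from the original post): the same before/after comparison, keyed on process ID plus start time, so that a process which received a reused PID still counts as new. The function names Get-ProcessSnapshot and Get-NewProcess are hypothetical.

```powershell
# Hypothetical helper names; not part of the original post.
function Get-ProcessSnapshot {
    # Key each process on "PID:start time" so a reused PID is not mistaken for the old process.
    $snapshot = @{}
    foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
        try {
            $started = $p.StartTime.ToUniversalTime().Ticks
        } catch {
            # StartTime is unreadable (access denied, or the process already exited);
            # fall back to the PID alone, which cannot detect reuse for this entry.
            $started = 0
        }
        $snapshot["$($p.Id):$started"] = $p
    }
    return $snapshot
}

function Get-NewProcess {
    param([hashtable]$Before, [hashtable]$After)
    # Emit every process whose key is present in the second snapshot only.
    foreach ($key in $After.Keys) {
        if (-not $Before.ContainsKey($key)) { $After[$key] }
    }
}

$before = Get-ProcessSnapshot
# New processes launched here (same two as in the post)
Start-Process notepad.exe
Start-Process cmd.exe
$after = Get-ProcessSnapshot

Get-NewProcess -Before $before -After $after | Select-Object Id, ProcessName, StartTime
```

A process that starts and exits between the two snapshots appears in neither, so polling like this cannot see it; catching those requires an event source such as process-creation auditing.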

 
