Scripts and tools for use with Microsoft products/technologies
Other scripts I have written but are available elsewhere include:
Process created watcher.ps1 - Gets Windows Management Instrumentation (WMI) notifications for new process creations via the WqlEventQuery class available in the .NET Framework. These are used to show what processes are created and when. The benefits of this approach include:
- Low overhead/resource usage
- No prerequisites, such as enabling process creation and command line auditing
- Easily remoted
- No elevation required (scenario dependent)
https://www.parallels.com/blogs/ras/process-created-watcher-script/