Reputation: 301
How to check if a process has been stopped or started within a time frame?
I would like to run a Powershell script that would tell me if a process with a specific name has been stopped/started within a given time frame (e.g. 24 hours). I basically want what this does: https://serverfault.com/questions/416536/last-restart-start-time-of-a-windows-service however I would like it for processes (.exe).
Can the below be butchered to accomodate a process that doesn't exist as a service?
(Get-EventLog -LogName "System" -Source "Service Control Manager" -EntryType "Information" -Message "*Computer Browser service*running*" -Newest 1).TimeGenerated;
Upvotes: 0
Views: 815
Answers (1)
Reputation: 918
This post describes your exact question. https://superuser.com/questions/1052541/how-can-i-get-a-history-of-running-processes
I'll add the most important part in a quote for archive purposes.
Press Win+R and type gpedit.msc to open the group policy manager In the left pane, navigate to
Local Computer Policy \ Computer Configuration \ Windows Settings
Security Settings \ Local Policies \ Audit PolicyIn the right pane, double-click "Audit process tracking" and check both boxes
From now on, all process creations and deletions (and failed attempts at same) will appear in the Security log.
Upvotes: 1
Related Questions
- How to Correctly Check if a Process is running and Stop it
- PowerShell command or code to know if script execution has been stopped
- Kill the process if start time is less than 2 hours
- How to get the process start time in PowerShell
- Powershell script to determine when a program is quit
- How can I start a process, pause for 2 hours and then kill a process in Powershell
- Monitoring Start-Process with Timer
- Tell if Stop-Process was successful or not in PowerShell
- Stopper in PowerShell (time elapse during excution of a program)
- Start time of a process running on remote machine using powershell