I'm working on a PowerShell script that monitors software installations, specifically tracking process creation events. I'm using the `Register-CimIndicationEvent` cmdlet to watch for new processes, and I want to capture their command lines as they run. However, I'm stuck on how to properly track MSI file installations. The script I'm using includes a query to listen for process start events and then records the command line for each new process. Despite setting this up, all I get in the output file is "msiexec /V" instead of the full command like "msiexec /i newinstall.msi". When I check manually while the install is happening, I can see two instances of msiexec, but only one shows the command line as expected. Can anyone help me figure out what I'm missing or how to make this work more effectively?
2 Answers
If you're trying to track processes, you might consider using Process Monitor (procmon) instead of this approach. It’s designed for monitoring process events and could save you a ton of hassle in setting up your own tracking mechanism. Just a thought, but I get that you have a specific use case for SCCM package creation.
It sounds like the event listener might be stopping after the first triggered event. To continuously listen for multiple events, you might want to look into using the `MaxTriggerCount` parameter. This setting controls how many times the event will trigger before it unregisters itself. By default, it’s set to 0 which means it should listen indefinitely unless you tell it to stop.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically