Perrypackettracer / Powershell-scripts-to-use-in-an-active-directory


Monitoring #33

Open Perrypackettracer opened 8 months ago

Perrypackettracer commented 8 months ago

Sure, here's the updated PowerShell script with the additional functionality:

# Define whitelist of processes to monitor.
# Get-Process reports ProcessName without the ".exe" extension, so the
# entries must be bare names; with "explorer.exe" etc. nothing was ever matched.
$whitelist = @("explorer", "svchost", "taskhost")

# Get current date and time
$dateTime = Get-Date

# Start message
Write-Output "Monitoring tool started at $dateTime"

# Check if there's an existing output file with the same name
$outputFile = "ProcessMonitoring.txt"
if (Test-Path $outputFile) {
    $deleteFile = Read-Host "A file with the name '$outputFile' already exists. Do you want to delete it? (Y/N)"
    if ($deleteFile -eq "Y" -or $deleteFile -eq "y") {
        Remove-Item $outputFile -ErrorAction SilentlyContinue
    } else {
        # Keep the existing file: write this run to a timestamped name instead of silently overwriting it
        $outputFile = "ProcessMonitoring_{0:yyyyMMdd_HHmmss}.txt" -f $dateTime
    }
}

# Ask if non-whitelisted processes should be whitelisted
$whitelistAll = Read-Host "Do you want to whitelist all non-whitelisted processes? (Y/N)"
if ($whitelistAll -eq "Y" -or $whitelistAll -eq "y") {
    $whitelist += (Get-Process | Select-Object -ExpandProperty ProcessName -Unique)
}

# Get active processes
$activeProcesses = Get-Process | Where-Object { $_.ProcessName -notin $whitelist }

# Convert active processes to an array
$processArray = @()
foreach ($process in $activeProcesses) {
    $processArray += @{
        "Name"      = $process.ProcessName
        "ID"        = $process.Id
        # StartTime throws "Access is denied" for protected/system processes; record $null instead of aborting the run
        "StartTime" = $(try { $process.StartTime } catch { $null })
    }
}

# Output active processes array to file.
# -InputObject keeps an empty or single-element list as a JSON array; piping would unwrap it.
ConvertTo-Json -InputObject $processArray | Out-File $outputFile

# End message
$dateTime = Get-Date
Write-Output "Monitoring tool ended at $dateTime"

This script adds the following features:

  1. Asks if non-whitelisted processes should be whitelisted.
  2. Converts active processes to an array with properties for Name, ID, and StartTime.
  3. Outputs the active processes array to the output file in JSON format for better structure and readability.
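As an added example (not part of this issue or the repository's scripts), here is the follow-up a monitoring run needs: read the JSON snapshot the script writes and report non-whitelisted processes that were not present in it. It assumes the script's file name ProcessMonitoring.txt and whitelist; matching on PID plus name is my choice, so a reused PID with a different image is still reported.

```powershell
# Added example: compare the live process list against the JSON snapshot written
# by the monitoring script and report what is new. Assumes its file name and whitelist.
$baselineFile = "ProcessMonitoring.txt"
$whitelist    = @("explorer", "svchost", "taskhost")   # bare names, as Get-Process reports them

if (-not (Test-Path $baselineFile)) {
    throw "Baseline '$baselineFile' not found; run the monitoring script first."
}

# The snapshot is an array of objects with Name, ID and StartTime (an empty run yields "[]").
$raw = Get-Content $baselineFile -Raw
$baseline = if ([string]::IsNullOrWhiteSpace($raw)) { @() } else { ConvertFrom-Json -InputObject $raw }

# Index the baseline by PID; the name is kept so a reused PID with a different image counts as new.
$known = @{}
foreach ($entry in $baseline) { $known[[int]$entry.ID] = [string]$entry.Name }

$newProcesses = foreach ($p in (Get-Process | Where-Object { $_.ProcessName -notin $whitelist })) {
    if ($known[$p.Id] -ne $p.ProcessName) {
        [pscustomobject]@{
            Name      = $p.ProcessName
            ID        = $p.Id
            # Path is $null when the caller lacks rights to the process; that gap is itself worth a look
            Path      = $p.Path
            StartTime = $(try { $p.StartTime } catch { $null })
        }
    }
}

if ($newProcesses) {
    Write-Output "Processes not present in '$baselineFile':"
    $newProcesses | Sort-Object StartTime | Format-Table -AutoSize
} else {
    Write-Output "No new non-whitelisted processes since '$baselineFile' was written."
}
```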