Using PowerShell to stop unnecessary processes

 

 

It is a good practice to know what processes should be running on your computer.

The Get-Process command shows which processes are currently running on your computer.

If you work in a place that has a standard operating environment (SOE), it is a good idea to get a list of processes before users and malware start installing rogue processes. Once you have this list, you can make a script like this one.

# Drop every process whose name is on the known-good list;
# whatever remains is piped to kill (an alias for Stop-Process).
Get-Process | where { $_.processname -notlike "AgentMon" } |
where { $_.name -notlike "audiodg" } |
where { $_.name -notlike "avp" } |
where { $_.name -notlike "conhost" } |
where { $_.name -notlike "csrss" } |
where { $_.name -notlike "dwm" } |
where { $_.name -notlike "explorer" } |
where { $_.name -notlike "Idle" } |
where { $_.name -notlike "KaUsrTsk" } |
where { $_.name -notlike "LogonUI" } |
where { $_.name -notlike "lsass" } |
where { $_.name -notlike "lsm" } |
where { $_.name -notlike "Lua" } |
where { $_.name -notlike "powershell" } |
where { $_.name -notlike "rundll32" } |
where { $_.name -notlike "SearchFilterHost" } |
where { $_.name -notlike "SearchIndexer" } |
where { $_.name -notlike "SearchProtocolHost" } |
where { $_.name -notlike "services" } |
where { $_.name -notlike "smss" } |
where { $_.name -notlike "spoolsv" } |
where { $_.name -notlike "sppsvc" } |
where { $_.name -notlike "svchost" } |
where { $_.name -notlike "System" } |
where { $_.name -notlike "taskhost" } |
where { $_.name -notlike "VSSVC" } |
where { $_.name -notlike "wininit" } |
where { $_.name -notlike "winlogon" } |
where { $_.name -notlike "winvnc4" } |
where { $_.name -notlike "WmiPrvSE" } |
where { $_.name -notlike "WUDFHost" } | kill

This script filters out every process on the list, passes the rest down the pipeline, and kills whatever is left over (kill is an alias for Stop-Process).

I have used this script on computers that are completely non-responsive, and after running the script you can work on them and do some troubleshooting (or run your favorite anti-malware software). Also, you can run it without the kill option to find out what processes are running that should not be.

A good way to get a list of processes that should be running is

Get-Process | select processname 

I know this is a little bit manual, but you could use the concatenate command in Excel to form this list.


Then add Get-Process at the front and kill at the end.
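
The same baseline-and-compare procedure can be driven from a saved list instead of a hand-built chain of filters. This is an added example, not the original author's script; the file path C:\Baseline\processes.txt and the function names Save-ProcessBaseline and Get-UnexpectedProcess are assumptions made for illustration.

```powershell
# Added example. The path and function names below are hypothetical.
$BaselinePath = 'C:\Baseline\processes.txt'

function Save-ProcessBaseline {
    param([string]$Path = $BaselinePath)
    # Run once on a freshly built SOE machine, before users install anything.
    # Stores one unique process name per line.
    Get-Process |
        Select-Object -ExpandProperty ProcessName |
        Sort-Object -Unique |
        Set-Content -Path $Path
}

function Get-UnexpectedProcess {
    param([string]$Path = $BaselinePath)
    if (-not (Test-Path -Path $Path)) {
        throw "Baseline file not found: $Path. Run Save-ProcessBaseline first."
    }
    $allowed = Get-Content -Path $Path
    # -notcontains is case-insensitive and works on PowerShell 2.0 and later.
    # Matching is by name only, so the Path column is included in the output:
    # a process that reuses a baseline name (for example svchost) from an
    # unusual folder passes the filter and has to be checked separately.
    Get-Process |
        Where-Object { $allowed -notcontains $_.ProcessName } |
        Select-Object Id, ProcessName, Path
}

# Report only: the equivalent of running the script without kill.
Get-UnexpectedProcess | Format-Table -AutoSize

# Preview what would be stopped. Remove -WhatIf to actually stop the processes.
Get-UnexpectedProcess | ForEach-Object { Stop-Process -Id $_.Id -WhatIf }
```

Because the baseline is captured from within PowerShell, powershell itself ends up on the list and the session running the script is not stopped.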