Use PowerShell to Obtain a List of Processes Where the Executable has been Modified in the Past 90 Days

Use PowerShell to obtain a list of currently running processes where the executable file has been modified in the past 90 days.

The number of days is a parameterized value, so it can be specified when running the script without having to manually modify the script each time you want to change the value. The script uses a foreach loop to iterate through each individual process that is returned by the Get-Process cmdlet. The process's Path property must contain a value or the process will not be listed. Each process is only returned once, even if the same executable is running multiple times as separate processes. A new PSObject is created to combine the properties from both Get-Process and Get-ChildItem in the same output. This script uses the PowerShell version 3 simplified syntax for Where-Object, so it requires PowerShell version 3 or later unless it is modified.

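param (
    # Number of days to look back for modified executables
    [int]$days = 90
)

# Skip processes without a Path value and return each process only once
foreach ($process in Get-Process | where Path | select -Unique) {
    # Get the file system object for the process's executable
    $dir = $process | Get-ChildItem

    # Combine properties from Get-Process and Get-ChildItem in one object
    New-Object -TypeName PSObject -Property @{
        'Name'          = $process.Name
        'Description'   = $process.Description
        'File Version'  = $process.FileVersion
        'Product'       = $process.Product
        'Path'          = $process.Path
        'Modified Date' = $dir.LastWriteTime
    } |
        where 'Modified Date' -gt (Get-Date).AddDays(-$days)
}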
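
A variant of the script above, added here as an example and not the author's code: it groups on the full Path so that each executable file is listed once with a count of its running instances, skips files that cannot be read, and sorts the newest modification first. It goes beyond the original by adding the Authenticode signature status of each file; the function name and the Instances and Signature columns are assumptions of this example.

```powershell
function Get-RecentlyModifiedProcessImage {
    param (
        # Number of days to look back for modified executables
        [int]$Days = 90
    )

    $cutoff = (Get-Date).AddDays(-$Days)

    Get-Process |
        Where-Object { $_.Path } |          # no Path value: cannot inspect the file
        Group-Object -Property Path |       # one group per executable file
        ForEach-Object {
            $path  = $_.Name                # the group key is the full path
            $first = $_.Group[0]            # any instance carries the file metadata

            # The file may have been deleted or be unreadable; skip it, do not stop
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($file -and $file.LastWriteTime -gt $cutoff) {
                # Added column (assumption of this example): signature status
                $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue

                [pscustomobject]@{
                    'Name'          = $first.Name
                    'Description'   = $first.Description
                    'File Version'  = $first.FileVersion
                    'Product'       = $first.Product
                    'Path'          = $path
                    'Modified Date' = $file.LastWriteTime
                    'Instances'     = $_.Count
                    'Signature'     = $sig.Status
                }
            }
        } |
        Sort-Object -Property 'Modified Date' -Descending
}

# Example call: executables of running processes modified in the last 90 days
Get-RecentlyModifiedProcessImage -Days 90 | Format-Table -AutoSize
```

Run it from an elevated session; without elevation, Get-Process returns no Path for some processes and those are left out of the list.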


µ