Use PowerShell to Obtain a List of Processes Where the Executable has been Modified in the Past 90 Days

Use PowerShell to obtain a list of currently running processes where the executable file has been modified in the past 90 days.

The number of days is a parameterized value, so it can be specified when running the script without manually modifying the script each time you want to change the value. The script uses a foreach loop to iterate through each individual process that is returned by the Get-Process cmdlet. A process is listed only if its Path property contains a value. Each process is returned only once, even if the same executable is running multiple times as separate processes. A new PSObject is created to combine the properties from both Get-Process and Get-ChildItem in the same output. This script uses the PowerShell version 3 simplified syntax for Where-Object (it will only work using PowerShell version 3 unless it is modified).

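param (
    # Number of days to look back; override with -days when running the script
    [int]$days = 90
)

# Keep only processes that expose a Path, and list each one once
foreach ($process in Get-Process |
        Where-Object Path |
        Select-Object -Unique) {

    # File system details for the process's executable
    $dir = Get-ChildItem -LiteralPath $process.Path

    # Combine properties from Get-Process and Get-ChildItem in one object,
    # then keep it only if the file was modified within the last $days days
    New-Object -TypeName PSObject -Property @{
        'Name'          = $process.Name
        'Description'   = $process.Description
        'File Version'  = $process.FileVersion
        'Product'       = $process.Product
        'Path'          = $process.Path
        'Modified Date' = $dir.LastWriteTime
    } |
        Where-Object 'Modified Date' -gt (Get-Date).AddDays(-$days)
}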
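
For triage, it helps to see whether each recently modified executable is signed and what its hash is. The following is an added example, not part of the original script: it goes beyond the script above by grouping on the executable path, counting running instances, and adding the Authenticode status and SHA-256 hash. The function name Get-RecentlyModifiedProcessImage is hypothetical, and PowerShell 4 or later is assumed for Get-FileHash.

```powershell
# Added example; the function name is hypothetical, not from the original script.
# Assumes PowerShell 4 or later (Get-FileHash).
function Get-RecentlyModifiedProcessImage {
    [CmdletBinding()]
    param (
        [ValidateRange(1, 3650)]
        [int]$Days = 90
    )

    $cutoff = (Get-Date).AddDays(-$Days)

    # Group by path so each executable is inspected once, however many
    # instances are running. Processes with no readable Path are skipped.
    Get-Process |
        Where-Object Path |
        Group-Object -Property Path |
        ForEach-Object {
            $group = $_            # keep the group; $_ is reused inside catch
            $path  = $group.Name
            try {
                $file = Get-Item -LiteralPath $path -ErrorAction Stop
            }
            catch {
                Write-Warning "Cannot read '$path': $($_.Exception.Message)"
                return             # move on to the next executable
            }
            if ($file.LastWriteTime -le $cutoff) { return }

            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256

            [pscustomobject]@{
                Name            = $group.Group[0].Name
                Instances       = $group.Count
                Path            = $path
                ModifiedDate    = $file.LastWriteTime
                SignatureStatus = $sig.Status
                Signer          = $sig.SignerCertificate.Subject
                SHA256          = $hash.Hash
            }
        } |
        Sort-Object -Property ModifiedDate -Descending
}

# Executables of running processes modified in the last 30 days, newest first
Get-RecentlyModifiedProcessImage -Days 30 |
    Format-Table Name, Instances, ModifiedDate, SignatureStatus, Path -AutoSize
```

A status other than Valid on a recently modified executable is a starting point for review, not a verdict; many legitimate programs are unsigned.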
