Use PowerShell to Obtain a List of Processes Where the Executable has been Modified in the Past 90 Days
Use PowerShell to obtain a list of currently running processes where the executable file has been modified in the past 90 days.
The number of days is a parameterized value so it can be specified when running the script without
having to manually modify the script each time you want to change the value. The script uses a
foreach loop to iterate through each individual process that is returned by the Get-Process
cmdlet. The process's path property must contain a value or it will not be listed. Each process is
only returned once even if the same executable is running multiple times as a separate process. A
new PSObject is created to combine the properties from both Get-Process
and Get-ChildItem
in the
same output. This script uses PowerShell version 3 simplified syntax for Where-Object
(It will
only work using PowerShell version 3 unless it is modified).
1param (
2$days = '90'
3)
4foreach($process in Get-Process |
5where Path |
6select -Unique) {
7$dir = $process |
8Get-ChildItem;
9New-Object -TypeName PSObject -Property @{'Name' = $process.name;
10'Description' = $process.Description;
11'File Version' = $process.FileVersion;
12'Product' = $process.Product;
13'Path' = $process.Path;
14'Modified Date' = $dir.LastWriteTime;} |
15where 'Modified Date' -gt (Get-Date).AddDays(-$days)}
µ