Gathering Forensic Process Info

by Aug 10, 2022

To better understand the processes running on a server, and possibly spot traces of unwanted ones, PowerShell can dump forensic process information to a CSV file that Excel (if installed) opens directly. This makes it easy to review each process together with its command line and start parameters.

Here is the code:

$Path = "$env:temp\processList.csv"

# get all processes...
Get-CimInstance -ClassName Win32_Process | 
    # select forensic properties (path and command line are the ones worth scrutinising)...
    Select-Object -Property Name, HandleCount, ProcessId, ParentProcessId, Path, CommandLine  | 
    # write to a CSV file; -UseCulture picks the list separator of the current culture so Excel parses the columns correctly
    Export-Csv -Path $Path -Encoding UTF8 -UseCulture -NoTypeInformation

# load CSV into Excel (needs to be installed of course)
Start-Process -FilePath excel -ArgumentList $Path

Note that for processes launched by other users some details will be missing unless you run this with Administrator privileges.
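The following is an added example, not part of the original tip: it extends the same Win32_Process dump with the fields an analyst usually wants next to the command line when reviewing the list, namely the parent's name (not only its PID), the owning account, the creation time, and the SHA256 and Authenticode signature status of the image on disk. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, and that you run it elevated so other users' processes are readable.

```powershell
# Added example (not from the original tip). Assumes Windows PowerShell 5.1 / PowerShell 7
# on Windows; run elevated so that other users' processes expose their path and command line.
$Path = "$env:temp\processList-extended.csv"

$processes = Get-CimInstance -ClassName Win32_Process

# PID -> Name lookup so every row can carry its parent's name, which is what
# you actually compare against (e.g. which process spawned this shell).
$byPid = @{}
foreach ($p in $processes) { $byPid[[int]$p.ProcessId] = $p.Name }

$rows = foreach ($p in $processes) {
    # Owner via the GetOwner CIM method; returns a non-zero ReturnValue (or fails)
    # for protected or other-user processes when not elevated, so fall back to $null.
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    $ownerName = if ($owner -and $owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { $null }

    # Hash and signature of the image on disk, only when the path is known and readable.
    $hash = $null
    $sigStatus = $null
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $sigStatus = (Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath -ErrorAction SilentlyContinue).Status
    }

    [PSCustomObject]@{
        Name            = $p.Name
        ProcessId       = $p.ProcessId
        ParentProcessId = $p.ParentProcessId
        ParentName      = $byPid[[int]$p.ParentProcessId]   # $null if the parent already exited
        Owner           = $ownerName
        CreationDate    = $p.CreationDate                     # already a DateTime with Get-CimInstance
        ExecutablePath  = $p.ExecutablePath
        SHA256          = $hash
        Signature       = $sigStatus                          # Valid / NotSigned / HashMismatch / ...
        CommandLine     = $p.CommandLine
    }
}

$rows | Export-Csv -Path $Path -Encoding UTF8 -UseCulture -NoTypeInformation
Write-Host "Wrote $($rows.Count) rows to $Path"
```

Rows with an empty ExecutablePath or Owner are the ones hidden from a non-elevated run (or whose parent has already exited), so re-run elevated before treating them as suspicious.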

