I'm trying to select a certain process name within a Powershell script with WASP. However, the issue is that every time the process is started it gives itself a randomly generated string before the extension.
It does always include the extension ".tmp" though. Is there anyway I can select the process if it contains .tmp at the end of the string? In this instance, the process i'm trying to select is "is-RI4E5.tmp". I'll need to select this based on it containing the extension at the end, ".tmp".
ProcessName ProcessId IsActive Handle Title Class
----------- --------- -------- ------ ----- -----
powershell_ise 8652 True 133330 Administrator: Windows PowerShell ISE HwndWrapper[PowerShell_ISE.exe;;cf...
is-RI4E5.tmp 6720 False 461306 Setup TApplication
explorer 5472 False 264168 VNC Server CabinetWClass
explorer 5472 False 985230 vnc - Search Results in SharedFiles (\\cas-fs1) (S:) CabinetWClass
chrome 7636 False 329808 Central Arizona Supply - Home - Google Chrome Chrome_WidgetWin_1
cmd 7592 False 264396 Administrator: C:\Windows\system32\cmd.exe ConsoleWindowClass
EXCEL 8860 False 1116322 Microsoft Excel - CAS Network IP Directory [Compatibility Mode] XLMAIN
EXCEL 8860 False 395668 Printers MS-SDIb
VNCScan 9104 False 198140 Bozteck VENM Console 2013.6.3.230 WindowsForms10.Window.8.app.0.378734a
EXCEL 8860 False 461030 CAS Network IP Directory [Compatibility Mode] MS-SDIb
I would suggest collecting all the process names prior to starting your WASP process. Once started, collect all the process again and diff the two collections using Compare-Object. This will reduce the chance of a false positive when multiple processes have a '.tmp' suffix.