Scripts to monitor WMI Events
Monitoring Process CreationCreating a Permanent Event Filter
Monitoring Process Creation
Temporary event consumer that issues an alert each time a new process is created.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colMonitoredProcesses = objWMIService. _
ExecNotificationQuery("select * from __instancecreationevent " _
& " within 1 where TargetInstance isa 'Win32_Process'")
i = 0
Do While i = 0
Set objLatestProcess = colMonitoredProcesses.NextEvent
Wscript.Echo objLatestProcess.TargetInstance.Name
LoopCreating a Permanent Event Filter
Creates a permanent event filter for monitoring changes in service status.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\default")
strFilterQuery = "Select * from __InstanceModificationEvent within 3 " & _
"where TargetInstance isa 'Win32_Service'"
Set objFilterClass = objWMIService.get("__EventFilter")
Set objFilter = objFilterClass.SpawnInstance_
objFilter.Name = "Service Monitor Filter"
objFilter.QueryLanguage = "wql"
objFilter.Query = strFilterQuery
objFilter.Put_