I know it is possible to monitor certain processes via WMI and the "WMI Process" sensor, but I want to monitor a process with a dynamic name. For example the process "MyProgram123.exe" changes every week its name to "MyProgram1234.exe" and PRTG always reports an error because he can't find the process.

Is there a solution for that particular scenario?

Article Comments

This article applies to PRTG Network Monitor 16 or later

How to Monitor a Dynamic Windows Process

To monitor a dynamic Windows process, use the following PowerShell (.ps1) script.

  • The script basically checks if the desired process runs on the remote host or not.
  • The script looks for a process that is like the given process name.
  • For example, consider the process "FTPServer100.exe" that increases the number at the end every day. The script can look for a process that is named like "FTPServer" and will find the process "FTPServer" also with changing numbers.

How to Use the Script

Save the script as .ps1 file in this subfolder of the PRTG program directory on the probe system from where you want to check the process: \Custom Sensors\EXE\

#    ____  ____  ____________
#   / __ \/ __ \/_  __/ ____/
#  / /_/ / /_/ / / / / / __  
# / ____/ _, _/ / / / /_/ /  
#/_/   /_/ |_| /_/  \____/                         
#    NETWORK MONITOR
#-------------------
#(c) 2016 Stephan Linke, Paessler AG
#
#This script checks if a certain dynamic process is running on a remote machine.
#

# Parameter "-computername" for the remote hosts address and "-proc" for the dynamic process name
param(
    $computername = "localhost",
    $proc = "proc"
    )

# Get processes of the remote machine that are like the provided dynamic process name
$Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * FROM Win32_Process WHERE NAME LIKE '%$($proc)%'")

# Check if the process is found or not, report it back to PRTG.
if([string]::IsNullOrEmpty($Processes)) {
    Write-Host ([string]::Format("{0}:{0} Process not found {1}.",0,$proc));
} else {
    Write-Host ([string]::Format("{0}:{0} Process found {1}.",1,$proc));
}

The next step is to add an EXE/Script sensor. In the sensor settings, choose the created script from the list and provide the following Parameters:

-computername <remoteaddress> -proc <processname>

Please adjust the <remoteaddress> and <processname> parameters like in the examples below, depending on your scenario:

  • <remoteaddress>: WindowsHost123
  • <processname>: FTPServer

You can leave the other default settings unchanged.


Aug, 2016 - Permalink

Actually this script used as is gives back an error

Response not well-formed: "(In C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXE\Dynamic Windows Process.ps1:25 car:8 + } else { + ~ '}' di chiusura mancante nel blocco di istruzioni. + CategoryInfo : ParserError: (:) [], ParseException + FullyQualifiedErrorId : MissingEndCurlyBrace )" (code: PE132)


Feb, 2018 - Permalink

Hi there,

We tested the script several times. Please make sure that you have copied the script properly and didn't missed any characters.

Additionally, please activate the "Write EXE result to disk" option in the sensor's settings and post the log files (Result of Sensor XXX.Data.txt and Result of Sensor XXX.txt) located on the corresponding probe under "C:\ProgramData\Paessler\PRTG Network Monitor\Logs (Sensors)".

Best regards.


Feb, 2018 - Permalink

Hi Dariusz

I was able to make this script work making some little changes, this is the new code used 

# Parameter "-computername" for the remote hosts address and "-proc" for the dynamic process name
param(
    $computername = "localhost",
    $proc = "proc"
    )

# Get processes of the remote machine that are like the provided dynamic process name
$Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * FROM Win32_Process WHERE NAME LIKE '%$($proc)%'").count

# Check if the process is found or not, report it back to PRTG.
  if([string]::IsNullOrEmpty($Processes)) {
    Write-Host ([string]::Format("{0}:{0} Process not found {1}.",0,$proc));
} else {
    Write-Host ([string]::Format("{0}:{0} Process found {1}.",$Processes,$proc))
};

Here described the changes made:

  • It was missing the last parenthesis } and this prevented the script from running
  • Added .count at the end of the creation of variable $Processes so to have it counted
  • Changed from ("{0}:{0} Process found {1}.",1,$proc) to ("{0}:{0} Process found {1}.",$Processes,$proc) the last Format to have the result of processes count included in the output

So far the script works perfectly when used in a sensor on a local probe but it gives back no results nor error when used on a remote machine so I guessed it's an authentication problem. Checking the logs in fact I see Access denied

Get-WmiObject : Accesso negato. (Eccezione da HRESULT: 0x80070005 
(E_ACCESSDENIED))
In C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXE\Dynamic 
Windows Process.ps1:20 car:15
+ $Processes = (Get-WmiObject -ComputerName $computername -Query "SELECT * 
FROM Wi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedA 
   ccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.Pow 
   erShell.Commands.GetWmiObjectCommand

I've tried different other ways to get it

  • Changed setting in sensor from "Use security context of probe service" to "Use Windows credentials of parent device" and got PE095 error
  • Added credentials variables in the script but the only way that made it working is running the probe service as a local administrator

I reached this conclusion cause testing it from powershell cli it was working smoothly but not from PRTG interface

Let me know if you think that something is not correct or can be done more properly

Regards


Feb, 2018 - Permalink

Hi there,

You were right, the last brace was missing. Could you try the script again with a Domain Administrator in the Device Settings?

Best regards.


Feb, 2018 - Permalink

Hi

I have found this script and is trying to use it. But I can't get it to work.
I have copied the first script and paste it into notepad and saved it as CheckProc.ps1
If I run the script at the remote probe, where the file is saved, it works.

PS C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE> .\CheckProcess.ps1 -computername dbnode01 -proc dbservice

1:1 Process found dbservice.

If I create a exe/script sensor in PRTG on a device, which is handled by this remote probe, I can chose the script name. If I don't add any parameters the sensor reports: 1 Process found proc. so the script is running.

BUT... if I use parameter: -computername dbnode01
the sensor reports: 0 Process not found proc.
if I use parameter: -proc dbservice
the sensor reports: 0 Process not found dbservice.
if I use parameters: -computername dbnode01 -proc dbservice
the sensor reports: 0 Process not found dbservice.

Any suggestions why it doesn't work?

Kind regards Jens


Feb, 2021 - Permalink

Hey,

It may be that the sensor is actually erroring out for a reason. To see this reason, enable the "Write Result to Disk" option in the sensor and check the logs under "C:\ProgramData\Paessler\PRTG Network Monitor\Logs\sensors\" - especially the "Result of Sensor XXXX.txt"-file.

Do you see anything?

Best regards.


Feb, 2021 - Permalink