Relevance for windows processes

(imported topic written by jeko1791)

Hi all,

I thought I was getting the number of running windows processes with the following clause:

q: number of running applications whose (name of it starts with “notepad”)

A: 1

but it’s only returning “1” or “0”. If I open three instances of notepad, it still returns “1”. How can I query the number of running processes across all users, instead of the number of applications?

My goal here, is to retrieve the number of concurrent BESConsole processes on our Citrix servers, so I can see how our admins are using it (when, how many at once, etc)

(imported comment written by BenKus)

Hello,

Unfortunately, the “running application” inspector only counts each application once… We have an open request for a “process” inspector that will return the data that you are looking for, but it always falls off the bottom of the release list due to time constraints…

Perhaps you can used the “logged on user” inspector instead?

Ben

(imported comment written by jeko1791)

I think other logged on users may not all be using the Console on our Citrix server. I’ll keep my fingers crossed for a process inspector.

Thanks Ben.

(imported comment written by MrFixit)

I cringe everytime I use WMI but it is an option while we wait for process inspectors. As a property in an analysis you can have it evaluate less frequent and target only those nodes so the impact can be minimized.

The query below ran for ~187ms for a terminal server that had ~450 results for selects “Name of Win32_Process”

number of (selects “Name from Win32_Process where Name = ‘BESConsole.exe’” of wmi)

(imported comment written by jessewk)

Actually there is a clever way to do this with our ‘application usage’ inspector.

1. Use the ‘Edit Computer Settings…’ dialog to enable application tracking on the client (if it is not already enabled) by setting the following client setting:

_BESClient_UsageManager_EnableAppUsage = 1

2. Create a property with the following relevance:

maxima of items 1 of application usages “BESConsole.exe”

The result will tell you the maximum number of concurrent BES Consoles the client has seen running since the last client registration. Here’s the precise behavior:

Data from the application usage inspectors is periodically purged from the client. The client maintains a log of application start and end times. Whenever it reports, it adds a marker in the log to identify the report number being sent. Whenever it registers, it gets back confirmation of the highest report number received by the server. It then purges this log up to the matching mark.

(imported comment written by jeko1791)

Interesting approach, I’ll give it a try.

Thanks jessewk

Hi all,
Does anyone know the relevance for all running processes on a Windows server?

Hi Bryan,

I personally use this: https://www.bigfix.me/analysis/details/2998405

What information are you looking for about the processes?

Bill

Strawgate,
That’s almost perfect. All I need is the name of all running processes. If I remove the “then” statement will that remove the pathname from the analysis?

Hi,

If all you’re looking for is the names of the processes you can get away with just:

names of processes

If you want it sorted you can do

unique values of names of processes

That was exactly what I needed…Thank you!

In case you ever compare the values to the task manager in Windows, the names can be different so the following will actually give you the results in the form the task manager presents

task names of running applications

What about when I want to know if a client is running Notepad process?

I tried the following analysis but it didn’t give any results-

if (exists task name “notepad.exe” of type “process”) then “Yes” else “No”