Home
  •  

Unwanted Process Monitor Type

Microsoft.SystemCenter.Process.UnwantedProcessMonitorType (UnitMonitorType)

Monitor is used to detect execution of unwanted process.

Element properties:

RunAsDefault
AccessibilityPublic
Support Monitor RecalculateFalse

Member Modules:

ID Module Type TypeId RunAs 
DataSource DataSource System.ProcessInformationProvider Default
NoUnwantedProcessFilter ConditionDetection System.ExpressionFilter Default
UnwantedProcessExistsFilter ConditionDetection System.ExpressionFilter Default

Overrideable Parameters:

IDParameterTypeSelectorDisplay NameDescription
Frequencyint$Config/Frequency$FrequencyThis parameter controls the frequency with which the unwanted process instance is checked.

Source Code:

<UnitMonitorType ID="Microsoft.SystemCenter.Process.UnwantedProcessMonitorType" Accessibility="Public">

  <MonitorTypeStates>

    <MonitorTypeState ID="UnwantedProcessDoesNotExist" NoDetection="false"/>

    <MonitorTypeState ID="UnwantedProcessExists" NoDetection="false"/>

  </MonitorTypeStates>

  <Configuration>

    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="UnwantedProcessName" type="xsd:string" minOccurs="1" maxOccurs="1"/>

    <xsd:element name="Frequency" type="xsd:unsignedInt"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="Frequency" Selector="$Config/Frequency$" ParameterType="int"/>

  </OverrideableParameters>

  <MonitorImplementation>

    <MemberModules>

      <DataSource ID="DataSource" TypeID="System!System.ProcessInformationProvider">

        <Frequency>$Config/Frequency$</Frequency>

      </DataSource>

      <ConditionDetection ID="NoUnwantedProcessFilter" TypeID="System!System.ExpressionFilter">

        <Expression>

          <Not>

            <Expression>

              <Exists>

                <ValueExpression>

                  <XPathQuery Type="String">ProcessInformations/ProcessInformation/ProcessName[.='$Config/UnwantedProcessName$']</XPathQuery>

                </ValueExpression>

              </Exists>

            </Expression>

          </Not>

        </Expression>

      </ConditionDetection>

      <ConditionDetection ID="UnwantedProcessExistsFilter" TypeID="System!System.ExpressionFilter">

        <Expression>

          <Exists>

            <ValueExpression>

              <XPathQuery Type="String">ProcessInformations/ProcessInformation/ProcessName[.='$Config/UnwantedProcessName$']</XPathQuery>

            </ValueExpression>

          </Exists>

        </Expression>

      </ConditionDetection>

    </MemberModules>

    <RegularDetections>

      <RegularDetection MonitorTypeStateID="UnwantedProcessDoesNotExist">

        <Node ID="NoUnwantedProcessFilter">

          <Node ID="DataSource"/>

        </Node>

      </RegularDetection>

      <RegularDetection MonitorTypeStateID="UnwantedProcessExists">

        <Node ID="UnwantedProcessExistsFilter">

          <Node ID="DataSource"/>

        </Node>

      </RegularDetection>

    </RegularDetections>

  </MonitorImplementation>

</UnitMonitorType>