Query for all processes not running from the %SystemDrive%\Windows or %SystemDrive%\Program Files* directories

#####aid_begin
#description: process query for all processes that are not running from %systemdrive%\windows or %systemdrive%\program files*
#id: aid2201212352
#processtype: query
#category: process
#sourcelink: <na>
#tacticidlist: <na>
#techniqueidlist: <na>
#compatibleos: |-
#  windows 7
#  windows 8.*
#  windows 10
#  windows 11
#  windows server 2008 r2
#  windows server 2012
#  windows server 2012 r2
#  windows server 2016
#  windows server 2019
#compatibleengine: |-
#  powershell 2
#  powershell 3
#  powershell 4
#  powershell 5.*
#  powershell 7.*
#bgcommandlist: |-
#  get-bgprocesslist
#notes: |-
#  process query for all processes that are not running from %systemdrive%\windows or %systemdrive%\program files*
#  the pattern is a .net regular expression using a negative lookahead: any image path that starts with one of the excluded prefixes is dropped, everything else is returned
#  hits are a triage list, not a verdict: user-installed and third-party software commonly runs from %localappdata%, %programdata% and %temp%, so review the returned paths, parents and command lines rather than treating every hit as malicious
#####aid_end
commands:
- Get-BGProcessList -FilterType Path -Pattern $("(?i)^(?!{0}\\Windows\\|{0}\\Program Files).*$" -f $Env:SystemDrive)
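As an added example, not part of this catalogue entry or of the BG command set: the same filter built from built-in cmdlets, so it can be run where Get-BGProcessList is unavailable, and so the two things the one-line pattern hides can be seen. It assumes PowerShell 3 or later (Get-CimInstance is used because Get-Process hides the path of processes the caller cannot open); the function names and the sample paths are constructed for illustration only.

```powershell
# Builds the exclusion regex. The trailing "\\" after Windows matters: without it
# "C:\WindowsUpdate\x.exe" would be treated as if it lived under C:\Windows.
# "Program Files" deliberately has no trailing backslash so "Program Files (x86)"
# is covered too, matching the intent of the catalogued query.
function New-OutsideSystemDirPattern {
    param(
        [string[]]$ExcludePrefix = @('Windows\\', 'Program Files'),
        [string]$SystemDrive = $Env:SystemDrive
    )
    $drive = [regex]::Escape($SystemDrive)     # "C:" has no metacharacters; escaped for safety
    $alternation = ($ExcludePrefix | ForEach-Object { "$drive\\$_" }) -join '|'
    # (?i) keeps the match case-insensitive even if the pattern is later fed to
    # [regex]::IsMatch or -cmatch; paths such as C:\WINDOWS\system32 are common.
    "(?i)^(?!$alternation).*$"
}

# Lists live processes whose image path is outside the excluded roots.
# Processes with no readable ExecutablePath (System, Registry, protected
# processes, or access denied) would satisfy the negative lookahead trivially,
# so they are reported separately instead of being silently included.
function Get-ProcessOutsideSystemDirs {
    param([string]$Pattern = (New-OutsideSystemDirPattern))
    $all    = @(Get-CimInstance -ClassName Win32_Process)
    $noPath = @($all | Where-Object { [string]::IsNullOrEmpty($_.ExecutablePath) })
    $hits   = @($all | Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -match $Pattern) })
    New-Object PSObject -Property @{
        Pattern     = $Pattern
        Matches     = $hits | Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine
        NoPath      = $noPath | Select-Object ProcessId, Name
        NoPathCount = $noPath.Count
    }
}

# Constructed sample paths (not taken from a real host) showing what the
# lookahead excludes and what it reports.
$samplePaths = @(
    'C:\Windows\System32\svchost.exe',               # excluded
    'C:\WindowsUpdate\svchost.exe',                  # reported: look-alike folder, not C:\Windows
    'C:\Program Files (x86)\Vendor\app.exe',         # excluded
    'C:\Users\alice\AppData\Local\Temp\update.exe'   # reported
)
$pattern = New-OutsideSystemDirPattern -SystemDrive 'C:'
"Pattern: $pattern"
$samplePaths | Where-Object { $_ -match $pattern }

# Live run against the current host.
$r = Get-ProcessOutsideSystemDirs
$r.Matches | Format-Table -AutoSize
"{0} process(es) exposed no image path and were not evaluated against the filter" -f $r.NoPathCount
```

On a host with the default layout the sample section prints only the two "reported" paths; the live section is the same result set the catalogued command returns, plus the count of processes that could not be evaluated, which is worth checking because a process that hides its path from an unprivileged query is itself a finding.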