# Get-BluGenieProcessList Get-BluGenieProcessList ### SYNOPSIS Get a full list of Processes ### SYNTAX ``` Get-BluGenieProcessList [[-FilterType] ] [[-Pattern] ] [[-Managetype] ] [[-LazyPathSearch]] [[-Algorithm] ] [[-Walkthrough]] [[-Signature]] [[-NotMatch]] [-ClearGarbageCollecting] [-UseCache] [-CachePath ] [-RemoveCache] [-DBName ] [-DBPath ] [-UpdateDB] [-ForceDBUpdate] [-NewDBTable] [[-ReturnObject]] [[-OutUnEscapedJSON]] [-OutYaml] [-FormatView ] [] ``` ### DESCRIPTION Get a full list of Processes and all linked properties including parent processes and process owner information ### EXAMPLES #### EXAMPLE 1 ``` Command: Get-BluGenieProcessList ``` ``` Description: Return all the processes on the local machine Notes: The default Hash Algorithm is (MD5) ``` #### EXAMPLE 2 ``` Command: Get-BluGenieProcessList -FilterType NoFilter -Algorithm SHA256 ``` ``` Description: Return all the processes on the local machine (default option) with a differnet Hash type Notes: The Hash Algorithm is (SHA256) ``` #### EXAMPLE 3 ``` Command: Get-BluGenieProcessList -FilterType NullPaths -Algorithm SHA512 ``` ``` Description: Return all the processes on the local machine that do not have a valid path Notes: The Hash Algorithm is (SHA512) ``` #### EXAMPLE 4 ``` Command: Get-BluGenieProcessList -FilterType Name -Pattern shell ``` ``` Description: Return all the processes on the local machine with a Name field that matches the RegEx pattern Notes: ``` #### EXAMPLE 5 ``` Command: Get-BluGenieProcessList -FilterType Name -Pattern '^powershell_ise\.exe$' ``` ``` Description: This will return all the processes on the local machine with a Name field that matches the RegEx pattern with an Exact Match Notes: ``` #### EXAMPLE 6 ``` Command: Get-BluGenieProcessList -FilterType Name -Pattern '^powershell_ise\.exe$' -LazyPathSearch ``` ``` Description: Return all the processes with an Exact Match and validate path with LazyPathSearch Notes: By default the process path will be searched for under the entire System drive. This is a (Slow Search). ``` #### EXAMPLE 7 ``` Command: Get-BluGenieProcessList -FilterType Name -Pattern '^powershell_ise\.exe$' -Managetype Stop ``` ``` Description: Return all the processes with an Exact Match and Terminate the process Notes: -Managetype can also [Suspend and Resume] ``` #### EXAMPLE 8 ``` Command: Get-BluGenieProcessList -Help ``` ``` Description: Call Help Information Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal Get-Help will be called with the -Full parameter ``` #### EXAMPLE 9 ``` Command: Get-BluGenieProcessList -WalkThrough ``` ``` Description: Call Help Information [2] Notes: If Help / WalkThrough is setup as a parameter, this script will be called to setup the Dynamic Help Menu if not the normal Get-Help will be called with the -Full parameter ``` #### EXAMPLE 10 ``` Command: Get-BluGenieProcessList -OutUnEscapedJSON ``` ``` Description: The OutUnEscapedJSON is used to beatify the JSON return and not Escape any Characters Notes: ``` #### EXAMPLE 11 ``` Command: Get-BluGenieProcessList -ReturnObject ``` ``` Description: The ReturnObject is used to return a PowerShell Object. Normal return data is a Hash Table. Notes: ``` ### PARAMETERS #### FilterType ``` -FilterType Description: Which property to filter by Notes: � Filter Option o "Caption" Search the Caption Field o "CommandLine" Search the CommandLine Field o "Name" Search the Name Field o "ProcessId" Search the ProcessID Field o "Path" Search the Path Field o "ProcessOwner" Search the ProcessOwner Field o "Process_Hash" Search the Process_Hash Field o "NoFilter" Return all items with no specific search terms processed o "NullPaths" Return all items with no valid Path found o "Signature_Comment" Display error message while pulling Signature Information [Note: This is only available if you use the -Signature switch] o "Signature_FileVersion" File Version and OS Build information in part of the OS [Note: This is only available if you use the -Signature switch] o "Signature_Description" The description of the files signature [Note: This is only available if you use the -Signature switch] o "Signature_Date" Date when the file was signed [Note: This is only available if you use the -Signature switch] o "Signature_Company" The company signing the file [Note: This is only available if you use the -Signature switch] o "Signature_Publisher" The Publisher signing the file [Note: This is only available if you use the -Signature switch] o "Signature_Verified" Verification ( Signed / UnSigned / Null ) [Note: This is only available if you use the -Signature switch] Alias: ValidateSet: 'Caption','CommandLine','Name','ProcessId','Path','ProcessOwner','Process_Hash','NullPaths','Signature_Comment','Signature_FileVersion','Signature_Description','Signature_Date','Signature_Com pany','Signature_Publisher','Signature_Verified' Required? false Position? 2 Default value Name Accept pipeline input? false Accept wildcard characters? false ``` #### Pattern ``` -Pattern Description: Search Pattern using RegEx Notes: Alias: ValidateSet: Required? false Position? 3 Default value .* Accept pipeline input? false Accept wildcard characters? false ``` #### Managetype ``` -Managetype Description: Manage the behavior of the process (Suspend, Resume, Stop) Notes: Alias: ValidateSet: 'Suspend','Resume','Stop' Required? false Position? 4 Default value Accept pipeline input? false Accept wildcard characters? false ``` #### LazyPathSearch ``` -LazyPathSearch [] Description: Search for processes that do not have a valid path Notes: The Search is only under any directory in the system environment path variable. By default the process would be searched for under the System drive. Alias: ValidateSet: Required? false Position? 5 Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### Algorithm ``` -Algorithm Description: Specifies the cryptographic hash to use for computing the hash value of the contents of the specified file. Notes: The acceptable values for this parameter are: - SHA1 - SHA256 - SHA384 - SHA512 - MACTripleDES - MD5 = (Default) - RIPEMD160 Alias: ValidateSet: 'MACTripleDES','MD5','RIPEMD160','SHA1','SHA256','SHA384','SHA512' Required? false Position? 6 Default value MD5 Accept pipeline input? false Accept wildcard characters? false ``` #### Walkthrough ``` -Walkthrough [] Description: Start the dynamic help menu system to help walk through the current command and all of the parameters Notes: Alias: Help ValidateSet: Required? false Position? 7 Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### Signature ``` -Signature [] Description: Query Signature information Notes: Alias: ValidateSet: Required? false Position? 8 Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### NotMatch ``` -NotMatch [] Description: This switch will filter out what items you don't want to query for. Notes: The search string is assigned to the (Pattern) property. Alias: ValidateSet: Required? false Position? 9 Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### ClearGarbageCollecting ``` -ClearGarbageCollecting [] Description: Garbage Collection in Powershell to Speed up Scripts and help lower memory consumption Notes: This is enabled by default. To disable use -ClearGarbageCollecting:$False Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### UseCache ``` -UseCache [] Description: Cache found objects to disk. This is to not over tax Memory resources with found artifacts Notes: By default the Cache location is %SystemDrive%\Windows\Temp Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### CachePath ``` -CachePath Description: Path to store the Cache information Notes: By default the Cache location is %SystemDrive%\Windows\Temp Alias: ValidateSet: Required? false Position? named Default value $('{0}\Windows\Temp\{1}.log' -f $env:SystemDrive, $(New-BluGenieUID)) Accept pipeline input? false Accept wildcard characters? false ``` #### RemoveCache ``` -RemoveCache [] Description: Remove Cache data on completion Notes: Cache information is removed right before the data is returned to the calling process Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### DBName ``` -DBName Description: Database Name (Without extention) Notes: The default name is set to 'BluGenie' Alias: ValidateSet: Required? false Position? named Default value BluGenie Accept pipeline input? false Accept wildcard characters? false ``` #### DBPath ``` -DBPath Description: Path to either Save or Update the Database Notes: The default path is $('{0}\BluGenie' -f $env:ProgramFiles) Example: C:\Program Files\BluGenie Alias: ValidateSet: Required? false Position? named Default value $('{0}\BluGenie' -f $env:ProgramFiles) Accept pipeline input? false Accept wildcard characters? false ``` #### UpdateDB ``` -UpdateDB [] Description: Save return data to the Sqlite Database Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### ForceDBUpdate ``` -ForceDBUpdate [] Description: Force an update of the return data to the Sqlite Database Notes: By default only new items are saved. The primary key is ( FullName ) Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### NewDBTable ``` -NewDBTable [] Description: Delete and Recreate the Database Table Notes: Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### ReturnObject ``` -ReturnObject [] Description: Return information as an Object Notes: By default the data is returned as a Hash Table Alias: ValidateSet: Required? false Position? 10 Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### OutUnEscapedJSON ``` -OutUnEscapedJSON [] Description: Removed UnEsacped Char from the JSON information. Notes: This will beautify json and clean up the formatting. Alias: ValidateSet: Required? false Position? 11 Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### OutYaml ``` -OutYaml [] Description: Return detailed information in Yaml Format Notes: Only supported in Posh 3.0 and above Alias: ValidateSet: Required? false Position? named Default value False Accept pipeline input? false Accept wildcard characters? false ``` #### FormatView ``` -FormatView Description: Automatically format the Return Object Notes: Yaml is only supported in Posh 3.0 and above Alias: ValidateSet: 'Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV', 'Yaml' Required? false Position? named Default value None Accept pipeline input? false Accept wildcard characters? false ``` #### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about\_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://manuals.blusapphire.io/blugenie/full-function-list/get-blugenieprocesslist.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.