
Terminating A Specific Process

The document provides instructions for terminating specific processes running on Windows using Windows PowerShell. It explains how to use the Get-Process command to search for a process by name and get its process ID (PID). It then demonstrates how to use the taskkill command along with the PID to terminate that process. Finally, it shows how Get-Process can be used again to verify the process is no longer running.

Uploaded by

arunajith897

Terminating a specific process

On Windows, you can view running processes in the Task Viewer, or use Windows PowerShell (this is what you'll be using for this lab). For
these operations, you'll need to be running a Windows PowerShell terminal in Administrative mode. So, search the Start Menu for Windows
PowerShell, right-click it, and select "Run as Administrator".

From Windows PowerShell, you can use Get-Process to search for a process by name. The "totally_not_malicious" process is running on this
machine, too. Search for it, using this command:

Get-Process -Name "totally_not_malicious"


Each row represents a process, and one of the columns shows the process ID:

To end a process, you can use taskkill and specify the Process ID, or PID, of the process:

Note: Make sure you replace "[PROCESS ID]" with the ID of the process you got from the previous command.

taskkill /F /PID [PROCESS ID]


You should see this message after running taskkill with the PID for your process, which will likely be different than the ID specified here:

To verify that the process is no longer running, you can search for it again:

Get-Process -Name "totally_not_malicious"


This should throw an error because no process by that name exists anymore, indicating that you've successfully ended it:

Click Check my progress to verify the objective.

Terminating multiple processes
There are processes containing the word "razzle" also running on this VM. Get-Process doesn't handle processes with partially-matching
names, like grep does, and running Get-Process -Name "razzle" would result in no matches. However, you can use "wildcards"
(asterisks) to look for processes that contain "razzle" in their name:

Get-Process -Name "*razzle*"


This will show two processes that contain "razzle" in their name:

You can use taskkill, like before, once for each of the "razzle" processes:

Note: Make sure you replace "[PROCESS ID]" with the ID of the process you got from the previous command.

taskkill /F /PID [PROCESS ID]



You can use Get-Process again to verify that the processes have been ended:

Get-Process -Name "*razzle*"


You shouldn't see any processes in the output. When you ran this before to verify that the malicious process had been terminated, it printed an
error message because the specifically-named process was not present. When you use a wildcard (*) in the search, you aren't looking for an exact
match. So, rather than an error message, the command outputs nothing at all (because there are no matches):

Click Check my progress to verify the objective.
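
The find, terminate and verify steps above, combined into one script. This is an added example, not part of the original lab: Stop-ProcessByPattern is a hypothetical helper name, and the script assumes an Administrator PowerShell session as the lab requires. It records each match before ending it and then separates processes that survived taskkill from new ones that started under the same name.

```powershell
# Added example (not from the lab): find, terminate and verify in one pass.
# Stop-ProcessByPattern is a hypothetical helper name.
function Stop-ProcessByPattern {
    param(
        # Exact name ("totally_not_malicious") or wildcard ("*razzle*")
        [Parameter(Mandatory)] [string] $Name
    )

    # SilentlyContinue makes an exact-name miss behave like a wildcard miss:
    # an empty result instead of an error.
    $found = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
    if ($found.Count -eq 0) {
        Write-Host "No process matches '$Name'."
        return $true
    }

    # Record what is about to be ended; Path and StartTime are gone afterwards.
    $found | Select-Object Id, ProcessName, Path, StartTime |
        Format-Table -AutoSize | Out-Host

    foreach ($proc in $found) {
        # Same command the lab uses, run once per PID.
        taskkill /F /PID $proc.Id | Out-Host
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "taskkill failed for PID $($proc.Id) (exit code $LASTEXITCODE)"
        }
    }

    # Give the system a moment to tear the processes down, then search again.
    Start-Sleep -Seconds 1
    $left = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)

    # Same PID as before: the process survived. New PID: something restarted it.
    $survived  = @($left | Where-Object { $found.Id -contains $_.Id })
    $restarted = @($left | Where-Object { $found.Id -notcontains $_.Id })

    foreach ($p in $survived)  { Write-Warning "PID $($p.Id) ($($p.ProcessName)) is still running" }
    foreach ($p in $restarted) { Write-Warning "PID $($p.Id) ($($p.ProcessName)) started after the kill" }

    return ($left.Count -eq 0)
}

# Usage with the process names from this lab:
Stop-ProcessByPattern -Name "*razzle*"
```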
