Menu
I have service named WinDefend and it runs on process svchost.exe
There other many svchost.exe processes and I need to find a way to get its ID.
when I run tasklist /svc I can see: 
I am not sure how can I get it.
I found this command but when I tried the select "PID" it gave me empty column. 
I need to get the PID of the process to variable.
792
A process is nothing but running instance of a program and each process has a unique PID on a Unix-like system. The easiest way to find out if process is running is run ps aux command and grep process name. If you got output along with process name/pid, your process is running.
To find the PID of a process, type Get-Process . Indicates that the UserName value of the Process object is returned with results of the command. Specifies one or more process objects. Enter a variable that contains the objects, or type a command or expression that gets the objects.
tasklist is just returning text, not actual objects that have properties you can access. You can use WMI to get this information instead:
$id = Get-WmiObject -Class Win32_Service -Filter "Name LIKE 'WinDefend'" | Select-Object -ExpandProperty ProcessId $process = Get-Process -Id $id Update for PowerShell Core
In version 6, Windows PowerShell started towards cross platform support with PowerShell Core based on .NET Core. This led to many changes in cmdlets that were Windows-centric and some being left out completely. WMI is a Windows only technology, so its cmdlets (e.g. Get-WmiObject) were not ported over. However, its features are available via CIM cmdlets (e.g. Get-CimInstance) here is a version that will work on PowerShell 6+:
$id = Get-CimInstance -Class Win32_Service -Filter "Name LIKE 'WinDefend'" | Select-Object -ExpandProperty ProcessId $process = Get-Process -Id $id 
$p=Tasklist /svc /fi "SERVICES eq windefend" /fo csv | convertfrom-csv $p.PID If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
