If you haven't used the awesome set of PsTools by Mark Russinovich, stop reading this immediately and check them out. I'll wait.
Two of my favourites are PsList and PsKill. The first lists running process information and the second kills a process (based on it's Process ID or PID). The really cool thing is that you can run the same commands against remote machines (assuming you have appropriate credentials).
Combine the two in a user friendly script and you've got yourself an instant solution for identifying and stopping rogue processes. I've also added in some logging so you keep an eye on the history of troublesome machines.
When you first launch the script it prompts you for the machine name (or IP address), that you want to investigate.
This is then passed into a command line execution of PsList. There are a bunch of switches available, in this example I run the capture for 10 seconds with a refresh every 2 seconds. It's good to get a few refreshes in there, to avoid a false positive. The resulting text file opens up and displays all of the running process with details such as the Name, Process ID, CPU, Memory and Page Faults.
In the example above you can see WINWORD Process ID 9924 is consuming 48% of the CPU resources. The server in question has 2 vCPUs, so this is definitely a rogue process consuming an entire core. Checking the other captures confirms this process is not going anywhere.
The next prompt confirms if you want to kill a process and if so asks for the PID. This gets passed into a command execution of PsKill. Bang! That's it, the process will be killed immediately.
/ | ||
Post a Comment