Skip to content
Go to file
Cannot retrieve contributors at this time
35 lines (25 sloc) 1017 Bytes
import wmi
import psutil
# List of protected processes
protected_processes = ['iexplore.exe', 'winword.exe']
# Setup WMI instance
wmi_instance = wmi.WMI()
process_watcher = wmi_instance.Win32_Process.watch_for("creation")
# Constant monitoring loop
while True:
# If we've identified a new process being launched
new_process = process_watcher()
# Identify process ID and parent process ID
process = psutil.Process(new_process.ProcessId)
parent = psutil.Process(new_process.ParentProcessId)
# If the process is something other than a child of itself
if process.exe() != parent.exe():
# If the parent process name is in the list of protected processes
if in protected_processes:
# Warn the user...
print ("Warning: Protected process " + + " has launched a child process")
print ("Info: Attempting to terminate process: " +
# ...and terminate the process
if process.is_running():
You can’t perform that action at this time.