Hi – I’m having some trouble matching strings from one array to another. Example I’m trying use below.
$Time = (Get-Date).AddHours(-8) [array]$Excude = @('powershell_ise.exe','cmd.exe') | Out-String -Stream $Events = Get-WinEvent -FilterHashTable @{ logName = "Microsoft-Windows-AppLocker/EXE and DLL"; ID = 8003; StartTime = $Time } -ErrorAction SilentlyContinue $Events | Where { $_.Message -notmatch $Excude} Everything works as intended up until the final where statement. If I have a single string in $Exclude it works. For example:
[array]$Excude = @('powershell_ise.exe') | Out-String -Stream The message Get-Winevent returns looks like:
%SYSTEM32%WINDOWSPOWERSHELLV1.0POWERSHELL_ISE.EXE was allowed to run but would have been prevented from running if the AppLocker policy were enforced. As I understand it I cannot use -Contains since the two values from each array are different. If anyone can point me in the right direction I’d greatly appreciate it!
Regards, Gary
submitted by /u/Gary_Chan1
[link] [comments]
The post Matches values from arrays. appeared first on How to Code .NET.