I have been using the ManagementEventWatcher in the past few months to watch for new processes starting, and it has worked without any issues. However, I just recently tried my app again, and it seems that the events for a new process are no longer getting called.
Here is the sample code:
   var startWatch = new ManagementEventWatcher(new WqlEventQuery("SELECT * FROM Win32_ProcessStartTrace"));
And the event:
private static void ProcessStart_EventArrived(object sender, EventArrivedEventArgs e)
{
            Console.WriteLine("AppStarted");
}
I also tested this on another friend's machine (also Win 8.1) who had an old binary (which worked just fine in the past few months as well), and he is no longer receiving the events either.
The issue only seems to exist with the Win32_ProcessStartTrace because Win32_ProcessStopTrace works just fine and receives events when a process stops.
Has there been any windows updates lately that could perhaps interfere with this? My system's env has not changed since it last worked (aside form the win updates).
I was having this problem. To fix it, you need to uninstall the Windows Update "kb3045999".
To do this:
The problem should then be fixed.
This is caused by Windows Update kb3045999.
After you install this security update in Windows 8.1 or Windows Server 2012 R2, applications that call Windows Management Instrumentation (WMI) APIs directly, or that call APIs that rely on WMI (such as the ManagementEventWatcher class) do not receive the correct status of the process (regardless of whether the process is running or not running).
Solution: To resolve this issue, install hotfix 3094199.
Update 07/11/2015: Microsoft has released a hotfix.
You can use command line to uninstall this update.
wusa /uninstall /kb:3045999
See WUSA - Windows Update Standalone Installer for more parameters.
Update 23/08/2015: For me, the solution is no longer working.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With