Monitors WMI Win32_ProcessStartTrace events using an asynchronous event query.

Visual Basic
Edit|Remove
strComputer = "."
Set SINK = WScript.CreateObject("WbemScripting.SWbemSink","SINK_")
Set objWMIService = GetObject("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
objWMIService.ExecNotificationQueryAsync SINK, _
 "SELECT * FROM Win32_ProcessStartTrace"
WScript.Echo "Waiting for process to start ..."
Do
   WScript.Sleep 1000
Loop

Sub SINK_OnObjectReady(objLatestEvent, objAsyncContext)

Wscript.Echo VbCrLf & "Process Name: " & objLatestEvent.ProcessName
Wscript.Echo "Process ID: " & objLatestEvent.ProcessId
Wscript.Echo "Time: " & Now

End Sub