"PS Script to find specific eventlog events excluding whitelist"

I'm trying to use the existing eventlog check to notify of software installs (App log, Source=MsiInstaller, Event 11707). This works, but there is no way to exclude legitimate common installs such as Adobe or Java updates.

So I'm looking for a way to fail a check when an 11707 is found, unless the product detail for that event includes the text "X" or "Y" or "Z", which would be hard-coded in the script and modifyable.

Any PS guru's willing to take a whack at a script with a modifyable whitelist?

created 16 days ago
 1 1 1
You must be signed in before you can post a fix

► Have questions?

► Something not working?

► Suggestions?

Post your questions on the meta site, where we discuss everything related to FixIT Scripts

visit meta now»