Powershell获得未签名的进程路径,代码如下:
$Process = Get-WmiObject Win32_Process | Select Path
foreach($p in $Process){
if($p.Path -ne $null){
$Signa = Get-AuthenticodeSignature $p.Path
if($Signa.Status -eq 'NotSigned'){
Write-Host $Signa.Path
}
}
}
效果如下: