Setting Permanent Event Using ActiveScriptEventConsumer

albert1230 · September 30, 2021, 2:49pm

Using ActiveScriptEventConsumer to create a permanent Event in PowerShell. below is the script and the error.

   #Create an instance class of __EventFilter to query
    $EventFilter = ([wmiclass]"\\.\root\subscription:__EventFilter").CreateInstance()

    #Create the values of the EventFilter
    $EventFilter.Name = "WindowsDefenderUpdate"
    $EventFilter.query = "SELECT * FROM __InstanceModificationEvent WITHIN 5 WHERE TargetInstance ISA 'CIM_DATAFILE' AND TargetInstance.Path = '\\Users\\ealbert2\\Documents\\windowsDefenderUpdate_v1\\'"
    $EventFilter.QueryLanguage = "WQL"
    $EventFilter.Eventnamespace = "root\cimv2"

    $NewEventFilter = $EventFilter.Put()
    $NewEventPath = $NewEventFilter.Path


    #Create instance of ConsumerFilter
    $ConsumerFilter = ([wmiclass]"\\.\root\subscription:ActiveScriptEventConsumer").CreateInstance()
    $ConsumerFilter.Name = "WindowsDefenderConsumer"
    $ConsumerFilter.ScriptFilename = 
    $ConsumerFilter.ScriptText ="C:\Powershell\Scripts\WindowsDefenderUpdate\start-scheduleWindowsDefenderUpdate_v1.ps1"
    
    $ConsumerFilter.ScriptingEngine = "Powershell"

    $NewConsumerFilter = $ConsumerFilter.Put()
    $FilePathConsumerFilter = $NewConsumerFilter.Path


    #Create an instance of consumerTobindingFilter
    $ConToBind = ([wmiclass]"\\.\root\subscription:__FilterToConsumerBinding").CreateInstance()
    $ConToBind.Filter = $NewEventPath
    $ConToBind.Consumer = $FilePathConsumerFilter
    $NewConToBind = $ConToBind.Put()
    $filePathbinding = $NewConToBind.Path

Errors Triggered: Please What could be the cause of the error.

Exception setting “ScriptText”: "Generic failure "
At C:\Powershell\Scripts\Function Start-ScheduleWindowsDefenderEv.ps1:19 char:5

$ConsumerFilter.ScriptText ="C:\Powershell\Scripts\WindowsDefende ...

```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~        
```
- CategoryInfo : NotSpecified: ( , SetValueInvocationException
- FullyQualifiedErrorId : CatchFromBaseAdapterSetValue

Exception setting “Consumer”: "Generic failure "
At C:\Powershell\Scripts\Function Start-ScheduleWindowsDefenderEv.ps1:30 char:5

$ConToBind.Consumer = $FilePathConsumerFilter

```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: ( , SetValueInvocationException
- FullyQualifiedErrorId : CatchFromBaseAdapterSetValue

Exception calling “Put” with “0” argument(s): "Illegal null value "
At C:\Powershell\Scripts\Function Start-ScheduleWindowsDefenderEv.ps1:31 char:5

```
$NewConToBind = $ConToBind.Put()
```
```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: ( , MethodInvocationException
- FullyQualifiedErrorId : DotNetMethodException

Topic		Replies	Views
Problem with a Permanent WMI Event Handler PowerShell Help	3	167	December 28, 2015
WMI Permanent Eventing PowerShell Help	0	107	December 31, 2011
Make Register-ObjectEvent Persistent PowerShell Help	3	289	March 12, 2015
.NET event handler PowerShell Help	3	138	June 27, 2017
Listen for Events from Powershell given from NewWebService Proxy c# and Powershe PowerShell Help	0	137	November 20, 2019

Setting Permanent Event Using ActiveScriptEventConsumer

Related Topics