svchost.exe (-s dps) (Diagnostic Policy Service)
Function: While ostensibly for diagnosing system issues (especially network connectivity), the Diagnostic Policy Service (DPS) often logs information about executed processes, including paths and sometimes compilation timestamps embedded within the executable's header.
Identifying the Process: Locate the
svchost.exeinstance hosting the "DPS" service.Common Search Patterns (Regex, case-insensitive):
^([a-zA-Z]:\\.+)\\?$: A broad pattern that often reveals full paths to executed.exefiles. The surrounding strings might sometimes include compilation date information.^!.)*$: Specifically targets paths logged by DPS that do not end in.exe, aiming to catch renamed/extensionless executables.
PreviousPlugPlay Service (Sometimes shown under DCOMLaunch)NextPcaSvc (Program Compatibility Assistant Service)
Last updated