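# Tail of an if/else whose condition lies above this excerpt; only the
# block delimiters are restored here.
else {
    Write-FlibustierLog "Guest account not found (normal on some builds)."
}

# Record who is logged on. stderr from `query user` is discarded, so an
# empty result is treated as "no sessions".
$Sessions = query user 2>$null
if ($Sessions) {
    Write-FlibustierLog "Active user sessions:"
    # NOTE(review): line break reconstructed. The raw `query user` text is
    # emitted as-is after the header line - confirm against the original script.
    $Sessions
}
else {
    Write-FlibustierLog "No interactive user sessions found."
}

# 3. Find suspicious processes (high CPU/memory, not from System/current user)
#
# Caveats for anyone triaging from these two lists:
#  - .CPU is cumulative processor time in seconds since the process started,
#    not a percentage. "-gt 50" therefore flags any process that has
#    accumulated more than 50 s of CPU, which includes most long-running
#    legitimate processes.
#  - The exclusions match on ProcessName only. A binary that merely carries
#    the name "svchost" is skipped no matter where it runs from, so treat the
#    exclusion as noise reduction, not as a trust decision. Checking the image
#    path or signature of excluded names separately closes that gap.
#  - Despite the heading, neither filter looks at the process owner. Nothing
#    here limits results to "not System/current user".
$HighCPUProcs = Get-Process | Where-Object {
    $_.CPU -gt 50 -and $_.ProcessName -notin @("System", "Idle", "svchost")
}
$HighMemProcs = Get-Process | Where-Object {
    $_.WorkingSet64 -gt 500MB -and $_.ProcessName -notin @("System", "Idle")
}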
else Write-FlibustierLog "RDP not running, no need to block."
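function Write-FlibustierLog {
    <#
    .SYNOPSIS
        Formats one log line as "<timestamp> - <message>" and emits it.
    .PARAMETER Message
        Text to log. It is interpolated verbatim.
    .OUTPUTS
        System.String. The line is written to the success output stream. No
        file or event-log sink is visible in this excerpt, so persistence
        depends on how the caller captures the output.
    .NOTES
        - The timestamp is local time with no UTC offset. When correlating
          with other hosts during an investigation, record the time zone.
        - Messages built from system data (user names, process names) should
          have CR/LF stripped by the caller so one event stays on one line.
        - Because the line goes to the output stream, calling this inside a
          function whose return value is captured adds the log line to that
          return value.
    #>
    param([string]$Message)

    $TimeStamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    "$TimeStamp - $Message"
}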