Description
Suspends all threads in the target process.
Overview
This cmdlet suspends all threads of a given process and returns detailed process information. It uses Win32 API calls for thread manipulation.
Process
- Retrieve detailed process information using ProcessInfoDetailed.GetProcessInfoEx.
- Get the Process object using Process.GetProcessById(pid).
- Iterate through all threads of the process.
- Open a handle to each thread using Kernel32.OpenThread.
- If opening fails, throw a Win32Exception.
- Suspend the thread using Kernel32.SuspendThread.
- If suspension fails, close the handle and throw an InvalidOperationException.
- Close the thread handle after suspension.
- Return the ProcessInfoDetailed object.
Considerations
- Requires administrator privileges to suspend other processes.
- Can cause instability if suspending system-critical processes.
- Threads remain suspended until manually resumed.
Parameters
| Name | Type | Description |
|---|---|---|
| ProcessName | string | The name of the process to suspend. |
| ProcessId | int | The PID of the process to suspend. |
Process Names for Reference
| Solution | Process Name(s) |
|---|---|
| Absolute Persistence | acnamagent.exe, acnamlogonagent.exe |
| AhnLab V3 Endpoint Security | V3Svc.exe |
| AlienVault USM | ossec-agent.exe |
| Altiris Symantec | ccSvcHst.exe |
| ArcSight ESM | arcsight.exe |
| ARCON PAM | ARCONService.exe |
| AT&T Cybersecurity USM | usm-agent.exe |
| Avast | aswidsagent.exe |
| Avast Business Antivirus | AvastSvc.exe, AvastUI.exe |
| Avira | avgnt.exe |
| Avira Antivirus Pro | avguard.exe |
| BeyondTrust Endpoint Privilege Management | BeyondTrust.exe |
| Bitdefender Antivirus Plus | bdservicehost.exe |
| Bitdefender GravityZone | EPConsole.exe, bdservicehost.exe |
| Bitdefender Total Security | bdagent.exe, vsserv.exe |
| BlackBerry Optics | CylanceSvc.exe |
| BlackBerry Protect | BlackBerryProtect.exe |
| BullGuard Endpoint Security | BullGuardSvc.exe |
| Carbon Black (VMware) | cb.exe, cbdefense.exe |
| Check Point SandBlast Agent | TracSrvWrapper.exe, cpda.exe |
| Cisco AMP | sfc.exe |
| Cisco AMP for Endpoints | sfc.exe, CylanceSvc.exe |
| Cisco Umbrella Roaming Security | aciseagent.exe, acumbrellaagent.exe |
| Comodo Advanced Endpoint Protection | cmdagent.exe |
| CrowdStrike Falcon | CSFalconService.exe |
| CrowdStrike Falcon Complete | CSFalconService.exe |
| CyberArk Endpoint Privilege Manager | epmService.exe |
| CyberArk Software | epmService.exe |
| Cybereason Active Monitoring | CybereasonRansomFreeService.exe |
| Cybereason Defense Platform | CybereasonRansomFreeService.exe |
| Cynet 360 | cyserver.exe |
| Cytomic Orion | cytomicendpoint.exe |
| Darktrace | darktracetsa.exe |
| Delinea Secret Server | SecretServerService.exe |
| Deep Instinct | DeepInstinctService.exe |
| Dell Secureworks | secureworks.exe |
| Devo SIEM | devo-agent.exe |
| DriveSentry | dsmonitor.exe, dwengine.exe |
| Dr.Web Enterprise Security Suite | dwservice.exe |
| Elastic Endpoint Security | elastic-endpoint.exe |
| Elastic SIEM | elastic-agent.exe |
| Emsisoft Enterprise Security | a2service.exe |
| Endgame | endgame.exe |
| ESET Endpoint Security | ekrn.exe |
| ESET NOD32 | egui.exe, ekrn.exe |
| F-Secure | fsecure.exe |
| F-Secure Client Security | F-Secure.exe |
| F-Secure Protection Service | F-Secure.exe |
| FireEye | fireeye.exe |
| FireEye Endpoint Security | xagt.exe |
| FortiEDR (Fortinet) | fdedr.exe |
| Graylog | graylog-agent.exe |
| G Data Endpoint Protection | GDataAVK.exe, AVKService.exe |
| Heimdal Security Thor | HeimdalClientHost.exe |
| Hexis Cyber Solutions | hexis.exe |
| IBM QRadar | qradar.exe |
| Ivanti Application Control | AppSenseService.exe |
| Ivanti Endpoint Security | HeatSoftware.exe |
| Kaspersky | klwtblfs.exe |
| Kaspersky Endpoint Security | avp.exe |
| LogRhythm SIEM | lragent.exe |
| LogPoint | logpoint-agent.exe |
| Malwarebytes Endpoint Protection | mbamservice.exe |
| ManageEngine PAM360 | PAM360Service.exe |
| McAfee | mcafee.exe |
| McAfee Endpoint Detection and Response | mfefire.exe, mfeepmpk.exe |
| McAfee Endpoint Security | mfetp.exe, mfeesp.exe |
| McAfee MVISION Endpoint | MfeEpeHost.exe |
| McAfee Total Protection | mcshield.exe |
| McAfee VirusScan | mcshield.exe, shstat.exe |
| Microsoft AppLocker | AppLockerService.exe |
| Microsoft Defender Antivirus | MsMpEng.exe |
| Microsoft Defender for Endpoint (MDE) | SenseCncProxy.exe, MsSense.exe |
| Microsoft Defender XDR | MsSense.exe |
| Microsoft Entra ID | EntraIDService.exe |
| Microsoft Sentinel | MsSense.exe |
| Microsoft Sysmon | sysmon.exe, sysmon64.exe |
| Nexthink | nxtusm.exe |
| Nexthink Collector | nxtsvc.exe |
| Norton 360 | n360.exe |
| Norton Security | nortonsecurity.exe |
| Palo Alto Networks Traps | CyveraService.exe, CyveraConsole.exe, traps.exe, trapsagent.exe, trapsd.exe |
| Panda Adaptive Defense | PSANHost.exe, PSUAService.exe |
| Panda Security | panda_url_filtering.exe, pavfnsvr.exe, pavsrv.exe, psanhost.exe |
| Quick Heal Total Security | qhepsvc.exe |
| Rapid7 InsightIDR | rapid7.exe |
| Raytheon Cyber Solutions | raytheon.exe |
| RSA NetWitness | nwservice.exe |
| RSA NetWitness Endpoint | nwservice.exe |
| SAFE-Cyberdefense | safe.exe |
| SecureAPlus | SecureAPlus.exe |
| SentinelOne | SentinelAgent.exe, sentinelctl.exe, sentinelmemoryscanner.exe, sentinelservicehost.exe, sentinelstaticengine.exe, sentinelstaticenginescanner.exe |
| SolarWinds NPM | npmdagent.exe |
| SolarWinds SEM | SolarWindsSEM.exe |
| Sophos | savservice.exe |
| Sophos Endpoint Security | savservice.exe, sophosav.exe, sophosclean.exe, sophoshealth.exe, sophossps.exe, sophosui.exe |
| Sophos Intercept X | SAVService.exe, SAVAdminService.exe |
| Sophos XDR | SAVService.exe, SAVAdminService.exe |
| Splunk Universal Forwarder | splunkd.exe |
| StrongDM | StrongDMService.exe |
| Sumo Logic | sumo.exe |
| Symantec | symantec.exe |
| Symantec Endpoint Detection and Response | SescLU.exe, seplu.exe |
| Symantec Endpoint Protection | ccSvcHst.exe, Smc.exe |
| Symantec Endpoint Privilege Control | SEPCService.exe |
| Symantec PAM | SymantecPAMService.exe |
| Tanium EDR | tanclient.exe |
| Thycotic Privilege Manager | DPMService.exe |
| ThreatLocker | ThreatLockerService.exe |
| Trend Micro Apex One | ntrtscan.exe, pccntmon.exe |
| Trend Micro Antivirus | clientcommunicationservice.exe |
| Trend Micro EDR | appcontrolagent.exe, browserexploitdetection.exe, dataprotectionservice.exe, endpointbasecamp.exe, realtimescanservice.exe, samplingservice.exe, securityagentmonitor.exe |
| Trend Micro Maximum Security | TMASOAgent.exe |
| Trend Micro OfficeScan | ntrtscan.exe |
| Trustwave Endpoint Protection | TrustwaveService.exe |
| VIPRE Advanced Security | SBAMSvc.exe |
| VMware Workspace ONE | AirWatchService.exe |
| WALLIX Bastion | WALLIXService.exe |
| Webroot SecureAnywhere | WRSA.exe |
| Windows Defender | windefend.exe |
| ZoneAlarm Anti-Ransomware | ZAPrivacyService.exe |