Win10: System processes are reported with pid and ppid, but with no command or arguments

[jeghers]

Here is what I am getting on Windows 10:

{ pid: '0', command: '', arguments: '', ppid: '0' }
{ pid: '4', command: '', arguments: '', ppid: '0' }
{ pid: '412', command: '', arguments: '', ppid: '4' }
{ pid: '580', command: '', arguments: '', ppid: '492' }
{ pid: '684', command: '', arguments: '', ppid: '492' }
{ pid: '692', command: '', arguments: '', ppid: '676' }
{ pid: '760', command: '', arguments: '', ppid: '684' }
{ pid: '792', command: '', arguments: '', ppid: '684' }
{ pid: '864', command: '', arguments: '', ppid: '676' }
{ pid: '968', command: '', arguments: '', ppid: '760' }
{ pid: '996', command: '', arguments: '', ppid: '760' }
{ pid: '1020', command: '', arguments: '', ppid: '864' }
{ pid: '96', command: '', arguments: '', ppid: '684' }
{ pid: '756', command: '', arguments: '', ppid: '760' }
{ pid: '496', command: '', arguments: '', ppid: '760' }
{ pid: '1088', command: '', arguments: '', ppid: '864' }
{ pid: '1184', command: '', arguments: '', ppid: '760' }
{ pid: '1200', command: '', arguments: '', ppid: '760' }
{ pid: '1268', command: '', arguments: '', ppid: '760' }
{ pid: '1340', command: '', arguments: '', ppid: '760' }
{ pid: '1376', command: '', arguments: '', ppid: '760' }
{ pid: '1384', command: '', arguments: '', ppid: '1200' }
{ pid: '1400', command: '', arguments: '', ppid: '760' }
{ pid: '1416', command: '', arguments: '', ppid: '760' }
{ pid: '1424', command: '', arguments: '', ppid: '760' }
{ pid: '1620', command: '', arguments: '', ppid: '760' }
{ pid: '1732', command: '', arguments: '', ppid: '760' }
{ pid: '1772', command: '', arguments: '', ppid: '760' }
{ pid: '1808', command: '', arguments: '', ppid: '760' }
{ pid: '1920', command: '', arguments: '', ppid: '760' }
{ pid: '1972', command: '', arguments: '', ppid: '1200' }
{ pid: '2008', command: '', arguments: '', ppid: '760' }
{ pid: '2020', command: '', arguments: '', ppid: '760' }
{ pid: '1036', command: '', arguments: '', ppid: '760' }
{ pid: '1064', command: '', arguments: '', ppid: '760' }
{ pid: '2076', command: '', arguments: '', ppid: '760' }
{ pid: '2104', command: '', arguments: '', ppid: '760' }
{ pid: '2164', command: '', arguments: '', ppid: '760' }
{ pid: '2216', command: '', arguments: '', ppid: '1036' }
{ pid: '2256', command: '', arguments: '', ppid: '760' }
{ pid: '2420', command: '', arguments: '', ppid: '760' }
{ pid: '2508', command: '', arguments: '', ppid: '760' }
{ pid: '2564', command: '', arguments: '', ppid: '760' }
{ pid: '2596', command: '', arguments: '', ppid: '2508' }
{ pid: '2620', command: '', arguments: '', ppid: '760' }
{ pid: '2628', command: '', arguments: '', ppid: '760' }
{ pid: '2804', command: '', arguments: '', ppid: '760' }
{ pid: '2828', command: '', arguments: '', ppid: '760' }
{ pid: '4672', command: '', arguments: '', ppid: '760' }
{ pid: '4684', command: '', arguments: '', ppid: '760' }
{ pid: '5196', command: '', arguments: '', ppid: '4' }
{ pid: '6012', command: '', arguments: '', ppid: '760' }
{ pid: '6196', command: '', arguments: '', ppid: '996' }
{ pid: '7088', command: '', arguments: '', ppid: '760' }
{ pid: '7660', command: '', arguments: '', ppid: '760' }
{ pid: '7704', command: '', arguments: '', ppid: '760' }
{ pid: '8136',
  command: 'C:\\Program Files (x86)\\HitmanPro.Alert\\hmpalert.exe',
  arguments: [ '/tray' ],
  ppid: '1920' }
{ pid: '8180',
  command: 'C:\\Windows\\TEMP\\DPTF\\esif_assist_64.exe',
  arguments: '',
  ppid: '4084' }
{ pid: '6680',
  command: 'sihost.exe',
  arguments: '',
  ppid: '1772' }
{ pid: '8300',
  command: 'C:\\Windows\\Explorer.EXE',
  arguments: '',
  ppid: '9084' }
{ pid: '9120',
  command: 'igfxEM.exe',
  arguments: '',
  ppid: '9104' }
{ pid: '7908',
  command: 'igfxHK.exe',
  arguments: '',
  ppid: '9104' }
{ pid: '8712',
  command: 'igfxTray.exe',
  arguments: '',
  ppid: '9104' }
{ pid: '9208',
  command: 'c:\\windows\\system32\\svchost.exe',
  arguments: [ '-k', 'unistacksvcgroup', '-s', 'CDPUserSvc' ],
  ppid: '760' }
{ pid: '7084',
  command: 'C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe',
  arguments: '',
  ppid: '4536' }
{ pid: '704',
  command: 'c:\\windows\\system32\\svchost.exe',
  arguments: [ '-k', 'unistacksvcgroup', '-s', 'WpnUserService' ],
  ppid: '760' }
{ pid: '1788', command: '', arguments: '', ppid: '760' }
{ pid: '8332', command: '', arguments: '', ppid: '1620' }
{ pid: '2820',
  command: 'taskhostw.exe',
  arguments: [ '{222A245B-E637-4AE9-A93F-A59CA119A75E}' ],
  ppid: '1620' }
{ pid: '9376', command: '', arguments: '', ppid: '760' }
{ pid: '9660', command: '', arguments: '', ppid: '1232' }
{ pid: '9668', command: '', arguments: '', ppid: '1668' }
{ pid: '9680', command: '', arguments: '', ppid: '1668' }
{ pid: '9812',
  command: 'C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe',
  arguments: [ '-ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca' ],
  ppid: '996' }
{ pid: '10116', command: '', arguments: '', ppid: '760' }
{ pid: '9556',
  command: 'C:\\Windows\\System32\\RuntimeBroker.exe',
  arguments: [ '-Embedding' ],
  ppid: '996' }
{ pid: '1668', command: '', arguments: '', ppid: '760' }
{ pid: '8672',
  command: 'C:\\Program Files\\Windows Defender\\MSASCuiL.exe',
  arguments: '',
  ppid: '8300' }
{ pid: '10784',
  command: 'C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe',
  arguments: [ '-s' ],
  ppid: '8300' }
{ pid: '11036',
  command: 'C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe',
  arguments: [ '/IM' ],
  ppid: '8300' }
{ pid: '11016',
  command: 'C:\\Windows\\system32\\wbem\\unsecapp.exe',
  arguments: [ '-Embedding' ],
  ppid: '996' }
{ pid: '1108', command: '', arguments: '', ppid: '996' }
{ pid: '11280', command: '', arguments: '', ppid: '11268' }
{ pid: '11368',
  command: 'C:\\Program Files\\Alienware\\Command Center\\AWCCServiceController.exe',
  arguments: '',
  ppid: '11292' }
{ pid: '11420', command: '', arguments: '', ppid: '11280' }
{ pid: '11440', command: '', arguments: '', ppid: '11280' }
{ pid: '11500',
  command: 'C:\\Program Files\\Sophos\\Sophos UI\\Sophos UI.exe',
  arguments: [ '/hidden' ],
  ppid: '8300' }
{ pid: '11760', command: '', arguments: '', ppid: '11292' }
{ pid: '11916',
  command: 'C:\\Program Files\\Box\\Box Sync\\BoxSync.exe',
  arguments: [ '-m' ],
  ppid: '8300' }
{ pid: '12072',
  command: 'C:\\Program Files\\iTunes\\iTunesHelper.exe',
  arguments: '',
  ppid: '8300' }
{ pid: '11316', command: '', arguments: '', ppid: '760' }
{ pid: '11628',
  command: 'C:\\Program Files (x86)\\MySQL\\MySQL Notifier 1.1\\MySQLNotifier.exe',
  arguments: '',
  ppid: '8300' }
{ pid: '11712',
  command: 'C:\\Program Files\\Killer Networking\\Killer Control Center\\KillerControlCenter.exe',
  arguments: [ '-minimized' ],
  ppid: '8300' }
{ pid: '12048',
  command: 'C:\\Program Files (x86)\\BeAnywhere Support Express\\GetSupportService_N-Central\\BASupSrvcCnfg.exe',
  arguments: [ '/silent' ],
  ppid: '10052' }
{ pid: '12268',
  command: 'C:\\Program Files\\Box\\Box Sync\\BoxSyncMonitor.exe',
  arguments: [ '-l', '75', '-p', '11916' ],
  ppid: '11916' }
{ pid: '9112',
  command: '\\??\\C:\\Windows\\system32\\conhost.exe',
  arguments: [ '0x4' ],
  ppid: '12268' }
{ pid: '11732',
  command: 'C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe',
  arguments: '',
  ppid: '10052' }
{ pid: '712',
  command: 'C:\\Program Files\\Alienware\\Command Center\\AlienwareAlienFXController.exe',
  arguments: '',
  ppid: '11292' }
{ pid: '1660',
  command: 'C:\\Program Files\\Alienware\\Command Center\\AlienFusionController.exe',
  arguments: '',
  ppid: '712' }
{ pid: '12736',
  command: 'C:\\Program Files\\Alienware\\Command Center\\AWCCApplicationWatcher32.exe',
  arguments: [ '262326' ],
  ppid: '11368' }
{ pid: '12752',
  command: '\\??\\C:\\Windows\\system32\\conhost.exe',
  arguments: [ '0x4' ],
  ppid: '12736' }
{ pid: '12764',
  command: 'C:\\Program Files\\Alienware\\Command Center\\AWCCApplicationWatcher64.exe',
  arguments: [ '262326' ],
  ppid: '11368' }
{ pid: '12776',
  command: '\\??\\C:\\Windows\\system32\\conhost.exe',
  arguments: [ '0x4' ],
  ppid: '12764' }
{ pid: '12568',
  command: 'C:\\Program Files (x86)\\Cisco\\Cisco AnyConnect Secure Mobility Client\\vpnui.exe',
  arguments: [ '-minimized' ],
  ppid: '10052' }
{ pid: '816', command: '', arguments: '', ppid: '760' }
{ pid: '13788', command: '', arguments: '', ppid: '760' }
{ pid: '6140', command: '', arguments: '', ppid: '760' }
{ pid: '3768', command: '', arguments: '', ppid: '760' }
{ pid: '10024', command: '', arguments: '', ppid: '760' }
{ pid: '14380',
  command: 'c:\\windows\\system32\\svchost.exe',
  arguments: [ '-k', 'unistacksvcgroup' ],
  ppid: '760' }
{ pid: '15196',
  command: 'C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE',
  arguments: '',
  ppid: '8300' }
{ pid: '11256',
  command: 'C:\\Program Files\\Internet Explorer\\iexplore.exe',
  arguments: [ '-startmanager', '-Embedding' ],
  ppid: '996' }
{ pid: '13808',
  command: 'C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE',
  arguments: [ 'SCODEF:11256', 'CREDAT:75009', '/prefetch:2' ],
  ppid: '11256' }
{ pid: '12032',
  command: 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe',
  arguments: [ '--allow-running-insecure-content', '--disable-web-security' ],
  ppid: '8300' }
{ pid: '14984',
  command: 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe',
  arguments: 
   [ '--type=crashpad-handler',
     '--user-data-dir=C:\\Users\\Mark Jeghers\\AppData\\Local\\Google\\Chrome\\User Data',
     '/prefetch:7',
     '--monitor-self-annotation=ptype=crashpad-handler',
     '--database=C:\\Users\\Mark Jeghers\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad',
     '--metrics-dir=C:\\Users\\Mark Jeghers\\AppData\\Local\\Google\\Chrome\\User Data',
     '--url=https://clients2.google.com/cr/report',
     '--annotation=channel=',
     '--annotation=plat=Win64',
     '--annotation=prod=Chrome',
     '--annotation=ver=62.0.3202.94',
     '--initial-client-data=0x278,0x27c,0x280,0x274,0x284,0x7ff8d14027e8,0x7ff8d14027a8,0x7ff8d14027b8' ],
  ppid: '12032' }
{ pid: '6044',
  command: 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe',
  arguments: 
   [ '--type=watcher',
     '--main-thread-id=14628',
     '--on-initialized-event-handle=744',
     '--parent-handle=748',
     '/prefetch:6' ],
  ppid: '12032' }
etc etc etc

[addisonElliott]

Had something similar happening to me.

The CommandLine field requires elevated permissions for any process that was not started by the current user. Thus, I bet most of these processes are run as the administrator and thus cannot be seen.

This is not the case for ps where the command can always be seen. What I want to do is add two more fields, Name and ExecutablePath that are retrieved and can be searched by that. These two are always available regardless of permission status.