Kill Open Process (Windows)

What Kill Open Processes does

This Automox Worklet™ terminates specified running processes on Windows endpoints. Many software updates require applications to be closed before installation can proceed. This Worklet automates the process termination step, enabling unattended patching and software lifecycle management.

The Worklet accepts an array of process names to check and terminate. For each process in the list, it checks whether the process is running, attempts to forcibly stop it if found, and reports the result. Processes not found on the endpoint are reported as "not running" without errors.

The Worklet accepts an array of process names to check and terminate. For each process in the list, it checks whether the process is running, attempts to forcibly stop it if found, and reports the result.

The evaluation script always exits with code 0, making this Worklet designed primarily for on-demand execution through the "Run on this Endpoint" or "Run Policy" options rather than scheduled compliance checking. If you want scheduled execution, you can modify the evaluation exit code to 1.

Why use Kill Open Processes through Automox

Software updates often fail when the target application is running. File locks prevent installers from replacing binaries, and users may delay updates if prompted to close applications. This Worklet removes that obstacle by programmatically terminating specified processes before updates run.

Automating process termination through this Worklet enables true zero-touch patching. You can chain this Worklet with software installation Worklets to create a complete update workflow that closes the application, installs the update, and completes without user intervention.

The Worklet supports multiple processes in a single execution, making it efficient for applications with multiple components or related services that must all be stopped before an update.

How Kill Open Processes works

1. Evaluation phase: The Worklet exits with code 0 immediately. This Worklet is designed for on-demand execution rather than scheduled compliance checking. If you need scheduled execution, modify the evaluation script exit code to 1.

2. Remediation phase: The Worklet iterates through the $processesToCheck array. For each process name, it uses Get-Process to check if running, then Stop-Process -Force to terminate if found. Each process status is reported to the Activity Log. If termination fails, the Worklet exits with error code 50.

Kill Open Processes requirements

• Windows 7 or later

• Administrative privileges for process termination

• Configure $processesToCheck array with target process names (without .exe extension)

• To find process names: run Get-Process in PowerShell and match DisplayName to your target applications

Expected state after Kill Open Processes

After successful remediation, the specified processes are no longer running on the endpoint. The Activity Log shows the status for each process: either "[processName] is running. Killing." followed by successful termination, or "[processName] isn't running on this endpoint." for processes that were not found.

Users may notice their applications close unexpectedly. Consider notifying users before running this Worklet during business hours, or schedule execution during maintenance windows to minimize disruption.

How to validate kill open processes changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for kill open processes.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Get-Process.

4. Validate remediation effects from script operations such as Get-Process, Write-Output, Stop-Process, then rerun evaluation for compliance.