Program Rules

Program Rules are closely related to Service Rules – both monitor processes. The difference is how the process was started; Service Rules test only processes running as a service and use the Service Control Manager.

In contrast, Program Rules are more flexible in how they monitor process execution – Program Rules look at any process running, regardless of how it started.

But this does not mean Program Rules are a superset of Service Rules; Service Rules are more powerful for testing Windows Services.

In the above screenshot, no services are displayed for this Program Rule.

For example:

explorer: Windows Explorer Shell

mmc: Microsoft Management Console

mspaint: Microsoft Paint

As you can see, the Program Rule lets you look at all programs running, including those on the desktop.

Program Rule – Detecting A Hung Process On The Desktop

In this case the programs running on the desktop are checked to ensure they are all running correctly.

Note how no desktop program need be specified – all are checked simply by selecting Detect Hung Programs On Desktop Session.

How Argent Detects Hung Programs

Argent uses unique technology to detect hung programs and processes. Essentially what happens is Argent first checks the resource consumption of the selected program or process, then after a delta period, checks the internal metrics again.

If there is no change to CPU time, I/O, memory, etc., in other words, nothing is happening, then the program or process is hung or stalled.

Program Rule – Detecting A Missing Or Hung Process For An Application

Here the programs used by Domino are checked to ensure they are all present and running.

Regardless of whether the specific program is running from the command line, on the desktop, or as a service, all are checked.

Program Rule – Detecting The Presence Of A Process

Here the presence of a program causes the Program Rule to fail.

In this example, the presence of the administrative security program used by Microsoft Cluster Server causes the Program Rule to fail, and for an Event to be sent to the main Argent Console screen.

This program enables configuration settings to be changed, a potential security violation. It is essential that the usage of this potentially extremely dangerous program be monitored and that you be alerted by Argent.

Program Rule – Detecting The Presence Of A Process, Redux

This example is a little less serious than changing the network settings…

Here the presence of RealPlayer is detected and an Alert is sent to the main Argent Console screen.

Program Instance Count Screen

This secondary screen (G142) lets you specify a wide range of variables for the Program Rule.

Is Running/Is NOT Running

These two radio buttons are self-explanatory: they test whether the program is running or is not running.

Instances

Has Instances, Has Instances Between, and Has Instances Outside Of enable you to specify an unlimited number of permutations.

For example, you may want two, three, or four instances of a program running, but a number of instances outside this range is an error. So one is an error case, and five or more are error cases. Easy to set with these options.

Match Command Line

Traditionally, Program Rules only check the filenames for the executable.

But the same executable can run totally different tasks when fed with different parameters — Cmd.exe and Java.exe are good examples.

Using Match Command Line lets you distinguish between processes that share the same executable but run with different parameters.
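The Instances and Match Command Line options described above can be modelled as a count-then-compare check. The following is an added sketch, not Argent's own code: the function names, the constructed process snapshot, inclusive range bounds, and the use of a regular expression for the command-line match are all assumptions.

```python
import re
from collections import namedtuple

# Constructed process snapshot (not real output): image name and full command line.
Proc = namedtuple("Proc", "name cmdline")
SNAPSHOT = [
    Proc("java.exe", r"java.exe -jar C:\apps\billing\billing.jar --port 8443"),
    Proc("java.exe", r"java.exe -jar C:\apps\billing\billing.jar --port 8444"),
    Proc("java.exe", r"java.exe -jar C:\apps\reports\reports.jar"),
    Proc("cmd.exe", r"cmd.exe /c C:\jobs\nightly_backup.cmd"),
    Proc("explorer.exe", r"C:\Windows\explorer.exe"),
]

def count_instances(snapshot, exe, cmdline_pattern=None):
    """Count processes whose image name equals exe (case-insensitive) and,
    when a pattern is given, whose command line matches it (assumed regex)."""
    rx = re.compile(cmdline_pattern, re.IGNORECASE) if cmdline_pattern else None
    return sum(
        1 for p in snapshot
        if p.name.lower() == exe.lower() and (rx is None or rx.search(p.cmdline))
    )

def condition_holds(count, kind, low=None, high=None):
    """Evaluate one instance-count condition; bounds are inclusive (assumption)."""
    if kind == "is_running":
        return count >= 1
    if kind == "is_not_running":
        return count == 0
    if kind == "has_instances":
        return count == low
    if kind == "between":
        return low <= count <= high
    if kind == "outside":
        return count < low or count > high
    raise ValueError(f"unknown condition: {kind}")

def evaluate(snapshot, exe, kind, low=None, high=None, cmdline_pattern=None):
    """Count matching processes, then test the condition against that count."""
    count = count_instances(snapshot, exe, cmdline_pattern)
    return condition_holds(count, kind, low, high)

if __name__ == "__main__":
    # By file name alone there are three java.exe instances, inside the 2..4 range.
    print(evaluate(SNAPSHOT, "java.exe", "outside", 2, 4))
    # Narrowed by command line, only one reports process runs: outside 2..4.
    print(evaluate(SNAPSHOT, "java.exe", "outside", 2, 4, r"reports\.jar"))
```

Matching on the file name alone hides the fact that only one reports process is running, because the two billing instances keep the java.exe count inside the allowed range.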