Summary:
When creating a procalive monitor, SystemEDGE cannot monitor a process if multiple processes share the same name, because the name alone does not identify which of them you want to monitor. For processes that have arguments, you can use a regular expression (RegEx) to match something unique within the argument string, which SystemEDGE can then use to differentiate the processes. With VAIM you can determine in real time which arguments the agent detects as unique, so that the monitor you create works on the first attempt.
Instructions:
1. The example system has 14 instances of svchost.exe, each with a unique argument that SystemEDGE can use to differentiate the processes.
2. Within VAIM, under Explore, select the target host.
3. Navigate to the Details > Resources tab and scroll to the bottom pane for processes.
4. Select the binoculars in the top right-hand corner to expose a search field window.
5. When searching for the process name svchost, all 14 processes are matched.
6. When searching for a unique argument taken from the previous search results, there is only 1 match, which can be used to monitor this instance of the process.
7. When defining the monitor within a VAIM Policy, you can simply use the unique argument and select the "Match process name and arguments" flag.
There is no need to define the process name as long as the argument is unique to the process. (This is convenient when dealing with processes that have very long argument strings, like Java.)
8. After applying the policy, you can check the host in VAIM to see if the entry is Active.
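The uniqueness check from steps 5 to 7 can also be rehearsed offline before a policy is written. The following is an added example, not CA/SystemEDGE code: the process list is constructed sample data, the function names are hypothetical, and it assumes the agent's RegEx behaves like an unanchored Python `re.search` over "name arguments", which may differ from the agent's actual dialect. It shows the case where a candidate argument is a prefix of another process's argument and so matches more than one process until it is anchored.

```python
import re

# Constructed sample data: (pid, process name, argument string).
PROCESSES = [
    (612, "svchost.exe", "-k DcomLaunch"),
    (700, "svchost.exe", "-k RPCSS"),
    (824, "svchost.exe", "-k LocalService"),
    (900, "svchost.exe", "-k LocalServiceNetworkRestricted"),
    (1012, "svchost.exe", "-k netsvcs"),
    (1500, "java.exe", "-Xmx512m -Dapp.name=billing -jar C:\\apps\\billing\\server.jar"),
]

def matches(pattern, processes, with_args=True):
    """Return PIDs matched by the regex.

    with_args=True approximates the "Match process name and arguments" flag
    (assumption: the pattern is searched in "name arguments");
    with_args=False matches the process name only.
    """
    rx = re.compile(pattern)
    hits = []
    for pid, name, args in processes:
        target = f"{name} {args}" if with_args else name
        if rx.search(target):
            hits.append(pid)
    return hits

def unique_tokens(processes):
    """Map each PID to the argument tokens found in no other process's command line.

    An empty list means no single token is unique as a plain substring,
    so the monitor needs an anchored or more specific expression.
    """
    result = {}
    for pid, _name, args in processes:
        others = [f"{n} {a}" for p, n, a in processes if p != pid]
        result[pid] = [t for t in args.split() if not any(t in o for o in others)]
    return result

if __name__ == "__main__":
    print("name only 'svchost':", matches("svchost", PROCESSES, with_args=False))
    print("'LocalService':     ", matches("LocalService", PROCESSES))
    print("'LocalService$':    ", matches(r"LocalService$", PROCESSES))
    for pid, tokens in unique_tokens(PROCESSES).items():
        print(pid, tokens or "no unique token, anchor the pattern")
```

A pattern is safe to use in the monitor only when it returns exactly one PID; re-run the check after service or application changes, since a new process can make a previously unique argument ambiguous.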