$filterxml = @"<QueryList> <Query Id="0" Path="Security"> <Select Path

1. $filterxml = @"
2. <QueryList>
3.  <Query Id="0" Path="Security">
4.    <Select Path="Security">*[System[TimeCreated[timediff(@SystemTime) &lt;= 60000]]]and*[System[(EventID=4663)]]
5.      and
6.     *[EventData[Data[@Name= 'ObjectName' ]and(Data= 'C:\Program Files (x86)\Lincoln')]]
7.   </Select>
8.  </Query>
9. </QueryList>
10. "@
11.  
12.  $events = Get-WinEvent -FilterXml $filterXml
13.   If ($events.Count -ge 4) {
14.         Send-MailMessage -To "Ej3954969@gmail.com" -From "alerts@castlefundinvestment.com" -SMTPServer 155.6.1.10 -Subject "Access Report - Event ID: 4663" -Body "Restricted Folder Access from $env:computername"
15.   }