hey all, happy Friday. Trying to figure out why i'...
# windowst
Ted Dorosheff
02/25/2022, 9:51 PMhey all, happy Friday. Trying to figure out why i'm still getting file events from the C:\Windows\Prefetch\% directory, after i've added it to exclude_paths.
Copy code
file_paths:
Users:
- 'C:\\Users\\%\\AppData\\Roaming\\%'
- 'C:\\Users\\%\\AppData\\Local\\%'
- 'C:\\Users\\%\\AppData\\Local\\temp\\%'
- 'C:\\Users\\%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\%'
- 'C:\\Users\\%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\%'
- 'C:\\Users\\%\\Default\\%'
Windows:
- 'C:\\Windows\\%'
- 'C:\\Windows\\Temp\\%'
- 'C:\\Windows\\System32\\Drivers\\%'
- 'C:\\Windows\\SysWOW64\\Drivers\\%'
- 'C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\%'
- 'C:\\Windows\\System32\\GroupPolicy\\User\\Scripts\\%'
- 'C:\\Windows\\System32\\Wbem\\%'
- 'C:\\Windows\\SysWOW64\\Wbem\\%'
- 'C:\\Windows\\System32\\WindowsPowerShell\\%'
- 'C:\\Windows\\SysWOW64\\WindowsPowerShell\\%'
- 'C:\\Windows\\Tasks\\%'
- 'C:\\Windows\\System32\\Tasks\\%'
- 'C:\\Windows\\AppPatch\\Custom\\%'
- 'C:\\Windows\\system32\\DriverStore\\Temp\\%'
- 'C:\\Windows\\system32\\wbem\\Performance\\%'
- 'C:\\Windows\\System32\\Tasks\\Adobe Acrobat Update Task\\%'
- 'C:\\Windows\\System32\\Tasks\\Adobe Flash Player Updater\\%'
- 'C:\\Windows\\System32\\Tasks\\OfficeSoftwareProtectionPlatform\\SvcRestartTask\\%'
ProgramData:
- 'C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\%'
- 'C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\%'
exclude_paths:
Windows:
- 'C:\\Windows\\Prefetch\\%'z
zwass
02/28/2022, 6:25 PM
Perhaps need a
%%t
Ted Dorosheff
02/28/2022, 8:02 PMHey Zach, so i actually ended up trying
C:\Windows\Prefetch9 Views