Channels
- t
Ted Dorosheff
3 months agohey all, happy Friday. Trying to figure out why i'm still getting file events from the C:\Windows\Prefetch\% directory, after i've added it to exclude_paths.file_paths: Users: - 'C:\\Users\\%\\AppData\\Roaming\\%' - 'C:\\Users\\%\\AppData\\Local\\%' - 'C:\\Users\\%\\AppData\\Local\\temp\\%' - 'C:\\Users\\%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\%' - 'C:\\Users\\%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\%' - 'C:\\Users\\%\\Default\\%' Windows: - 'C:\\Windows\\%' - 'C:\\Windows\\Temp\\%' - 'C:\\Windows\\System32\\Drivers\\%' - 'C:\\Windows\\SysWOW64\\Drivers\\%' - 'C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\%' - 'C:\\Windows\\System32\\GroupPolicy\\User\\Scripts\\%' - 'C:\\Windows\\System32\\Wbem\\%' - 'C:\\Windows\\SysWOW64\\Wbem\\%' - 'C:\\Windows\\System32\\WindowsPowerShell\\%' - 'C:\\Windows\\SysWOW64\\WindowsPowerShell\\%' - 'C:\\Windows\\Tasks\\%' - 'C:\\Windows\\System32\\Tasks\\%' - 'C:\\Windows\\AppPatch\\Custom\\%' - 'C:\\Windows\\system32\\DriverStore\\Temp\\%' - 'C:\\Windows\\system32\\wbem\\Performance\\%' - 'C:\\Windows\\System32\\Tasks\\Adobe Acrobat Update Task\\%' - 'C:\\Windows\\System32\\Tasks\\Adobe Flash Player Updater\\%' - 'C:\\Windows\\System32\\Tasks\\OfficeSoftwareProtectionPlatform\\SvcRestartTask\\%' ProgramData: - 'C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\%' - 'C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\%' exclude_paths: Windows: - 'C:\\Windows\\Prefetch\\%' 
zwass
3 months agoPerhaps need a
at the end of that exclude? Otherwise you won't be excluding nested directories, just files in that directory.%%
View count: 4