![]() So even though we have two "Path" filters that will get OR'd, because one is Include and the other is Exclude, we get what we're after, which is only PDF's edited in that file path. I can't find any specific documentation that lists all of the operators and what they do but that's what it seems. The "exclude" relation operator behaves like a "does not contain" as far as I can tell. Path excludes C:\MyApp\MyDocuments\Temp Exclude.Here is a filter combo that works the way we want: ![]() So because the filter entity is "Path" for both "begins with" and "ends with", Process monitor OR's them, and thus we get the noise we don't want. You specified process name include filters for Notepad.exe and Cmd.exeĪnd a path include filter for C:\Windows, Process Monitor would onlyĭisplay events originating in either Notepad.exe or Cmd.exe that From the help file:Īll the filters that are related to a particular attribute type andĪNDs together filters of different attribute types. The Process Monitor help file explains why the begins with / ends with filters don't work together. Stuff like this: C:\MyApp\MyDocuments\Temp.txt (not a PDF)Ĭ:\Some\Other\Folder\file.pdf (not the folder I want) Process Monitor v3.91 (July 29, 2022) Monitor file system, Registry, process, thread and DLL activity in real-time. ![]() This uniquely powerful utility will even show you who owns each process. What I am trying to use is to filter path which begin with c:MyAppMyDocumentsTemp and ends with. Process Explorer v16.43 (August 18, 2021) Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. pdf event is logged is included, so you'll get results you don't want. Sysinternals Process Monitor (ProcMon): Using wildcards on filter Ask Question 1 I am using Sysinternals Process Monitor to debug some incoming events and now I am trying to create a filter on Path and using wildcards. ![]() What happens is anything that literally begins with that temp folder is included, and anywhere else a. Path begins with c:\MyApp\MyDocuments\Temp. ![]()
0 Comments
Leave a Reply. |