Wildcards and Regular Expressions
Application Control uses regular expressions when you select the Use regular expressions option when adding filenames, folder paths, command line arguments and metadata strings. Regular expressions are not supported for Groups and User Name Rules.
Application Control uses the standard C++ regular expressions library.
For further information, please refer to: https://en.cppreference.com/w/cpp/regex
When using regular expressions, you need to check the expression fully before committing it. If the criteria are incorrectly entered, both complete and partial matches are returned.
| Metacharacter | Matches |
|---|---|
^[a-f]+
|
"alice"
matches because her name starts with a letter between a and f "john" does not match because his name starts with a letter greater than f "Alice" does not match because her name does not start with a lowercase letter |
^[a-fA-F]+
|
"Alice" matches because with this expression uppercase letters are allowed |
[a-zA-Z]+\d\d\d$
|
"UserWithThreeNumbers123"
matches because the user name is made up of letters followed
by three numbers. "UserWithFourNumbers1234" does not match because the user name has four numbers in it |
(notepad)|(winword)|(calc).exe
|
notepad.exe matches
because it is in the list wordpad.exe does not match because it is not in the list |
The information below shows examples of how regular expression and wildcards can be used in Application Control.
| Example | Description |
|---|---|
^chkdsk((?!/[f|x]).)*$
|
Used to allow users to run the check disk utility and view the result, but prevent fixing any errors on the disk using a /f (fix) parameter. |
^((?!(notepad\.exe)).*)$
|
notepad.exe does not match because notepad.exe is specifically excluded. wordpad.exe matches because it is not excluded. |
^((?!(explorer|notepad|winword)\.exe).*)$
|
explorer.exe, notepad.exe and winword.exe do not match as they are explicitly excluded. calc.exe matches because it is not in the list. |