Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
bmd
Explorer

Regex for the file name contains field on File Attributes Data object

I can do this which covers all extensions I am looking to catch with this object just not case INSENSITIVE.

.*\.(ps|ps1|scr|vbs|bat|cmd|com|cpl|gadget|msc|msi|msp|pif)$

 

so test.bat is caught, test.Bat is not.

I tried this:

/.*\.(ps|ps1|scr|vbs|bat|cmd|com|cpl|gadget|msc|msi|msp|pif)$/i

 

While it will take it, it is not ignoring case.

 

Also tried:

{caseless}:.*\.(ps|ps1|scr|vbs|bat|cmd|com|cpl|gadget|msc|msi|msp|pif)$

based on some checkpoint document I found from years ago, but the GUI won't accept that and says it is not a proper regex.

 

Thanks for any information anyone has on this.

0 Kudos
1 Reply
bmd
Explorer

Responding to my own posting in case someone else finds this.

You just have to include at the begining (?i) for it to disregard case.

So to cover extensions that are likely harbor malware in some form I am using:

(?i).*\.(ps|ps1|ps1xml|ps2|ps2xml|psc1|psc2|scr|vb|vbs|vbe|bat|cmd|com|cpl|gadget|msc|msi|msp|pif|application|hta|ws|wsf|wsc|wsh|msh|msh1|msh2|scf|lnk|reg)$

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events