Current File : C:/Windows/DiagTrack/GetFileActionAllowedList.dat
{ "PredefinedRegex": [ { "Name": "MatchAnyFilesRecursive", "Regex": "(?:(?!\\\\)(?![\\s\\S]*((\\.\\.|\\s(\\\\|$))|[>\\/:?<|\"]|\\\\\\\\)))" }, { "Name": "MatchAnyExtension", "Regex": "[^\\\\>\\/:?<|\"]+\\.{1}[^\\\\>\\/:?<|\".]+$" }, { "Name": "MatchAnyPath", "Regex": "[^\\\\>\\/:?<|\"]*?[^.\\\\>\\/:?<|\"]\\.?" }, { "Name": "MatchAnyFileName", "Regex": "[^\\\\>\\/:?<|\"]+\\.{1}" }, { "Name": "MatchOptionalFilenameSuffix", "Regex": "[^\\\\>\/:?<|\"]*\\.{1}" } ], "Deny": [ { "Name": "UserDocumentExtension", "Regex": "^.*\\.(?:doc|docx|dot|wbk|docm|dotx|dotm|docb|xls|xlt|xlt|xlm|xlsx|xlsm|xltx|xltm|xlsb|xla|xlam|xll|xlw|ppt|pot|pps|pptx|pptm|potx|potm|ppam|ppam|ppsx|ppsm|sldx|sldm|pdf|accdb|rar)$" }, { "Name": "ImageExtension", "Regex": "^.*\\.(?:jpeg|png|jpg|gif|bmp|tif|tiff|svg|ico|jfif|exif|ppm|pgm|pbm|pnm)$" }, { "Name": "MediaExtension", "Regex": "^.*\\.(?:mp3|mp4|wav|raw|wma|m4a|mov|avi|wmv)$" } ], "Allow": [ { "Regex": "%ProgramFiles%\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%windir%\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\windows\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\\\$windows\\.~bt\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\\\$sysreset\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\windows\\.old\\\\windows\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\windows\\.old\\\\PerfLogs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\windows\\.old\\\\Program Files\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\windows\\.old\\\\Program Files \\(x86\\)\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\roamingdiag\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemroot%\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\SystemData\\\\etw\\\\$(MatchAnyFilesRecursive)" }, { "Regex": 
"%systemdrive%\\\\Data\\\\Users\\\\DefaultAccount\\\\AppData\\\\Local\\\\Packages\\\\HoloShell_cw5n1h2txyewy\\\\HoloShellData\\\\SavedWorlds\\\\$(MatchAnyExtension)" }, { "Regex": "%ProgramData%\\\\Microsoft\\\\Spectrum\\\\EnvironmentData\\\\$(MatchAnyExtension)" }, { "Regex": "%ProgramData%\\\\Microsoft\\\\Spectrum\\\\LocationData\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Data\\\\SystemData\\\\Temp\\\\CrashDumps\\\\[^\\\\>\\/:?<|\"]+(\\.dmp){1}$" }, { "Regex": "%systemdrive%\\\\Data\\\\ProgramData\\\\Microsoft\\\\Windows\\\\WER\\\\ReportArchive\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Data\\\\ProgramData\\\\USOPrivate\\\\UpdateStore\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\ProgramData\\\\USOShared\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\shareddata\\\\duprivate\\\\updatestore\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\shareddata\\\\dushared\\\\[^\\\\>\\/:?<|\"\"]+\\\\.{1}[^\\\\>\\/:?<|\".]+$" }, { "Regex": "%systemdrive%\\\\Data\\\\SystemData\\\\nonetwlogs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\ProgramData\\\\SoftwareDistribution\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\shareddata\\\\duprivate\\\\TroubleShooting\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\packages\\\\Microsoft\\.WindowsCommunicationsApps_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\packages\\\\Microsoft\\.WindowsCommunicationsApps_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\APPDATA\\\\Local\\\\Packages\\\\Microsoft\\.WindowsCommunicationsApps_8wekyb3d8bbwe\\\\localstate\\\\$(MatchAnyFilesRecursive)" }, { "Regex": 
"%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\APPDATA\\\\Local\\\\Packages\\\\Microsoft\\.WindowsCommunicationsApps_8wekyb3d8bbwe\\\\tempstate\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%programdata%\\\\Microsoft\\\\Windows\\\\wlanreport\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%appdata%\\\\Microsoft\\\\Windows\\\\Recent\\\\AutomaticDestinations\\\\f01b4d95cf55d32a\\.AutomaticDestinations-ms$" }, { "Regex": "%appdata%\\\\Microsoft\\\\Windows\\\\Recent\\\\AutomaticDestinations\\\\5f7b5f1e01b83767\\.AutomaticDestinations-ms$" }, { "Regex": "%appdata%\\\\Microsoft\\\\Windows\\\\Themes\\\\slideshow\\.ini$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Windows\\\\Themes\\\\[^\\\\>\\/:?<|\"]+(\\.theme){1}$" }, { "Regex": "%programdata%\\\\USOPrivate\\\\UpdateStore\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%programdata%\\\\USOShared\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\SharedData\\\\Dushared\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%temp%\\\\RoamDiagLogs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\packages\\\\$(MatchAnyPath)\\\\LocalState\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%temp%\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\packages\\\\$(MatchAnyPath)\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.InsiderHub_8wekyb3d8bbwe\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%ProgramData%\\\\Microsoft\\\\Wlansvc\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Fragments_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.YoungConker_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Publishers\\\\8wekyb3d8bbwe\\\\Playspaces\\\\$(MatchAnyFilesRecursive)" }, { "Regex": 
"%systemdrive%\\\\ProgramData\\\\Microsoft\\\\Network\\\\Connections\\\\Pbk\\\\RasPhone\\.pbk$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Windows\\\\caches\\\\\\{3d(?![\\s\\S]*((\\.\\.|\\s(\\\\|$))|[>\\/:?<|\"]|\\\\\\\\))" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.ZuneMusic_8wekyb3d8bbwe\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%programdata%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%programdata%\\\\Microsoft\\\\Windows\\\\Appxprovisioning\\.xml$" }, { "Regex": "%systemdrive%\\\\Data\\\\ProgramData\\\\Microsoft\\\\Windows\\\\APPREPOSITORY\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\Programs\\\\$(MatchAnyPath)\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.FeatureOnDemand\\.InsiderHub_cw5n1h2txyewy\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%temp%\\\\LMLicenseFault\\.cab$" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.ZuneVideo_8wekyb3d8bbwe\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%programdata%\\\\Microsoft\\\\Windows\\\\Clipsvc\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\ProgramData\\\\Microsoft\\\\Windows\\\\ClipSVC\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Users\\\\$(MatchAnyPath)\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.Windows\\.FeatureOnDemand\\.InsiderHub_cw5n1h2txyewy\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.Windows\\.FeatureOnDemand\\.InsiderHub_cw5n1h2txyewy\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.SkypeApp_kzf8qxf38zg5c\\\\localstate\\\\DiagOutputDir\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Programs\\\\Commonfiles\\\\xaps\\\\$(MatchAnyFilesRecursive)" }, { "Regex": 
"[^.\\\\>\\/:?<|\"]+:\\\\Users\\\\$(MatchAnyPath)\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.WindowsFeedbackHub_8wekyb3d8bbwe\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)", "Disable": [ "UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "[^.\\\\>\\/:?<|\"]+:\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.WindowsFeedbackHub_8wekyb3d8bbwe\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)", "Disable": [ "UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "[^.\\\\>\\/:?<|\"]+:\\\\Data\\\\Users\\\\$(MatchAnyPath)\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.WindowsFeedbackHub_8wekyb3d8bbwe\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)", "Disable": [ "UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\$(MatchAnyPath)\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.Windows\\.FeatureOnDemand\\.InsiderHub_cw5n1h2txyewy\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%appdata%\\\\Local\\\\Packages\\\\Microsoft\\.BingWeather_8wekyb3d8bbwe\\\\LocalState\\\\Diagnostics\\\\ApplicationLog\\.etl$" }, { "Regex": "%appdata%\\\\Local\\\\Packages\\\\Microsoft\\.BingFinance_8wekyb3d8bbwe\\\\LocalState\\\\Diagnostics\\\\ApplicationLog\\.etl$" }, { "Regex": "%appdata%\\\\Local\\\\Packages\\\\Microsoft\\.BingNews_8wekyb3d8bbwe\\\\LocalState\\\\Diagnostics\\\\ApplicationLog\\.etl$" }, { "Regex": "%appdata%\\\\Local\\\\Packages\\\\Microsoft\\.BingSports_8wekyb3d8bbwe\\\\LocalState\\\\Diagnostics\\\\ApplicationLog\\.etl$" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.Cortana_cw5n1h2txyewy\\\\LocalState\\\\LocalRecorder\\\\Speech\\\\[^\\\\\\\\>\\/:?<|\"]+(\\.wav){1}$", "Disable": [ "MediaExtension" ] }, { "Regex": 
"%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.ZuneMusic_8wekyb3d8bbwe\\\\localstate\\\\$(MatchAnyPath)\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.ZuneVideo_8wekyb3d8bbwe\\\\localstate\\\\$(MatchAnyPath)\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Messaging_8wekyb3d8bbwe\\\\LocalCache\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MessagingLite_8wekyb3d8bbwe\\\\LocalCache\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\ActiveSync\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.ZuneMusic_8wekyb3d8bbwe\\\\localcache\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.ZuneVideo_8wekyb3d8bbwe\\\\localcache\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "[^.\\\\>\\/:?<|\"]+:\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.WindowsFeedbackHub_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyFilesRecursive)", "Disable": [ "UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "[^.\\\\>\\/:?<|\"]+:\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.WindowsFeedbackHub_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyFilesRecursive)", "Disable": [ "UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.WindowsFeedbackHub_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyFilesRecursive)", "Disable": [ "UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.WindowsFeedbackHub_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyFilesRecursive)", "Disable": [ 
"UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.3DViewer_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Actiongram_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftGalaxyExplorer_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Microsoft\\.HoloStudio_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.6191099C588EB_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.RoboRaid_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\ConnectedDevicesPlatform\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Data\\\\SharedData\\\\ServiceProfiles\\\\LocalService\\\\APPDATA\\\\LOCAL\\\\ConnectedDevicesPlatform\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\APPDATA\\\\LOCAL\\\\ConnectedDevicesPlatform\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.HoloStudio_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\packages\\\\$(MatchAnyPath)\\\\LocalState\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Office\\\\Spw\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Office\\\\MsoLogs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftSkydrive_8wekyb3d8bbwe\\\\LocalState\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\14356InternalBetaAccount\\.OneDriveBlueAlpha_f94gypvcd58qa\\\\LocalState\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": 
"%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.MicrosoftSkydrive_8wekyb3d8bbwe\\\\LocalState\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\14356InternalBetaAccount\\.OneDriveBlueAlpha_f94gypvcd58qa\\\\LocalState\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\2388c42e-8b18-474f-b53c-b6cc0c9fb685_q2jx7hka11k42\\\\LocalState\\\\Logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.Cortana_cw5n1h2txyewy\\\\LocalState\\\\ConstraintIndex\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.Cortana_cw5n1h2txyewy\\\\LocalState\\\\DeviceSearchCache\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.Cortana_cw5n1h2txyewy\\\\Settings\\\\Settings\\.dat$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Windows\\\\Notifications\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\\\$GetCurrent\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Windows10Upgrade\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%temp%\\\\UpgraderStub\\.log$" }, { "Regex": "%temp%\\\\Windows10UpgradeVersion\\.txt$" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.WindowsAlarms_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyPath)\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\windows\\.old\\\\ProgramData\\\\USOPrivate\\\\UpdateStore\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\windows\\.old\\\\ProgramData\\\\USOShared\\\\Logs\\\\$(MatchAnyExtension)" }, { "Regex": "%SettingsDrive%\\\\ProgramData\\\\SoftwareDistribution\\\\Logs\\\\WindowsUpdate\\\\$(MatchAnyExtension)" }, { "Regex": "%TemporaryDrive%\\\\windows\\\\system32\\\\logfiles\\\\dosvc\\\\[^\\\\>\\/:?<|\"]+(\\.etl){1}$" }, { "Regex": 
"%systemdrive%\\\\ProgramData\\\\Qualcomm\\\\rfs\\\\msm\\\\MPSS\\\\readonly\\\\firmware\\\\image\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\ProgramData\\\\Qualcomm\\\\rfs\\\\msm\\\\ADSP\\\\readonly\\\\firmware\\\\image\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\ProgramData\\\\Qualcomm\\\\rfs\\\\msm\\\\CNSS\\\\readonly\\\\firmware\\\\image\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Microsoft\\\\onedrive\\\\logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Microsoft\\\\onedrive\\\\setup\\\\logs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.AAD\\.BrokerPlugin_cw5n1h2txyewy\\\\Settings\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.AAD\\.BrokerPlugin_8wekyb3d8bbwe\\\\Settings\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\60889ExcellentApps\\.Woodinville_t20v3ntx64e6w\\\\tempstate\\\\UnityPlayer\\.log$" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\System\\\\CertEnroll\\.log$" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\System\\\\CertEnrollCtrl\\.log$" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\System\\\\CryptTpmEkSvc\\.log$" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\System\\\\AppData\\\\Local\\\\CertEnroll\\.log$" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\System\\\\AppData\\\\Local\\\\CertEnrollCtrl\\.log$" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\System\\\\AppData\\\\Local\\\\CryptTpmEkSvc\\.log$" }, { "Regex": "%systemdrive%\\\\Data\\\\ProgramData\\\\SoftwareDistribution\\\\ReportingEvents\\.log$" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\DefApps\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.WindowsStore_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\packages\\\\Microsoft\\.WindowsStore_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyFilesRecursive)" }, { 
"Regex": "%programdata%\\\\Microsoft\\\\Diagnosis\\\\FeedbackHub\\\\$(MatchAnyFilesRecursive)", "Disable": [ "UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "%programdata%\\\\Microsoft\\\\Windows\\\\Hyper-V\\\\Container Utility VM\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.XboxGameOverlay_8wekyb3d8bbwe\\\\LocalState\\\\DiagOutputDir\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Microsoft\\\\WDAG\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\\\$windows\\.~ws\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%ProgramFiles(x86)%\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftEdge_8wekyb3d8bbwe\\\\(?:$(MatchAnyPath)\\\\)+OrtcLogs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%DiagtrackStorageRoot%\\\\FeedbackHub\\\\$(MatchAnyFilesRecursive)", "Disable": [ "UserDocumentExtension", "ImageExtension", "MediaExtension" ] }, { "Regex": "%temp%\\\\emulator\\\\$(MatchAnyExtension)" }, { "Regex": "%temp%\\\\andemulator\\\\$(MatchAnyExtension)" }, { "Regex": "%temp%\\\\windowssdk\\\\$(MatchAnyExtension)" }, { "Regex": "%temp%\\\\standalonesdk\\\\$(MatchAnyExtension)" }, { "Regex": "%temp%\\\\UnionWinmdWorkingFolder\\\\$(MatchAnyExtension)" }, { "Regex": "%ProgramData%\\\\Microsoft\\\\Windows Defender Advanced Threat Protection\\\\Temp\\\\SenseIRDebugLogger\\.etl$" }, { "Regex": "O:\\\\systemdata\\\\etw\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%userprofile%\\\\MicrosoftEdgeBackups\\\\backups\\\\$(MatchAnyPath)\\\\$(MatchAnyExtension)" }, { "Regex": "%userprofile%\\\\MicrosoftEdgeBackups\\\\backups\\\\$(MatchAnyPath)\\\\$(MatchAnyPath)\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftEdge_8wekyb3d8bbwe\\\\AC\\\\MicrosoftEdge\\\\User\\\\Default\\\\DataStore\\\\Data\\\\nouser1\\\\120712-0049\\\\DBStore\\\\$(MatchAnyExtension)" }, { "Regex": 
"%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftEdge_8wekyb3d8bbwe\\\\Settings\\\\settings\\.dat$" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftEdge_8wekyb3d8bbwe\\\\RoamingState\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftEdge_8wekyb3d8bbwe\\\\LocalState\\\\RoamingConfig\\\\$(MatchAnyExtension)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftEdge_8wekyb3d8bbwe\\\\AC\\\\Microsoft\\\\Windows\\\\CloudStore\\\\cloudstore\\.dat$" }, { "Regex": "%temp%\\\\RoamDiag\\\\$(MatchAnyExtension)" }, { "Regex": "%temp%\\\\RoamDiag\\\\$(MatchAnyPath)\\\\$(MatchAnyExtension)" }, { "Regex": "%temp%\\\\RoamDiag\\\\$(MatchAnyPath)\\\\$(MatchAnyPath)\\\\$(MatchAnyExtension)" }, { "Regex": "%systemdrive%\\\\Data\\\\Users\\\\$(MatchAnyPath)\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.windowscommunicationsapps_8wekyb3d8bbwe\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.MicrosoftRemoteAssist_8wekyb3d8bbwe\\\\TempState\\\\$(MatchAnyExtension)" }, { "Regex": "%programdata%\\\\DTU\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%programfiles%\\\\DTU\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "O:\\\\systemdata\\\\nonetwlogs\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Users\\\\SurfaceHub\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe\\\\LocalState\\\\logs\\\\Teams\\.log$" }, { "Regex": "%systemdrive%\\\\Users\\\\SurfaceHub\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe\\\\LocalState\\\\logs\\\\$(MatchAnyFileName)blog$" }, { "Regex": "%systemdrive%\\\\Users\\\\SurfaceHub\\\\AppData\\\\Local\\\\Packages\\\\Microsoft\\.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe\\\\LocalState\\\\logs\\\\$(MatchAnyFileName)etl$" }, { "Regex": "%programdata%\\\\Microsoft\\\\Windows\\\\WFP\\\\$(MatchAnyFilesRecursive)" }, { "Regex": 
"%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.Photos_8wekyb3d8bbwe\\\\LocalState\\\\$(MatchAnyFileName)etl$" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.ContentDeliveryManager_cw5n1h2txyewy\\\\LocalState\\\\TargetedContentCache\\\\v3\\\\314558\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.ContentDeliveryManager_cw5n1h2txyewy\\\\LocalState\\\\TargetedContentCache\\\\v3\\\\314559\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.ContentDeliveryManager_cw5n1h2txyewy\\\\LocalState\\\\TargetedContentCache\\\\v3\\\\338381\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.ContentDeliveryManager_cw5n1h2txyewy\\\\LocalState\\\\TargetedContentCache\\\\v3\\\\338388\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.ContentDeliveryManager_cw5n1h2txyewy\\\\LocalState\\\\ContentManagementSDK\\\\v3\\\\314558\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.ContentDeliveryManager_cw5n1h2txyewy\\\\LocalState\\\\ContentManagementSDK\\\\v3\\\\314559\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.ContentDeliveryManager_cw5n1h2txyewy\\\\LocalState\\\\ContentManagementSDK\\\\v3\\\\338381\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.ContentDeliveryManager_cw5n1h2txyewy\\\\LocalState\\\\ContentManagementSDK\\\\v3\\\\338388\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%DiagTrackSystemPartition%\\\\EFI\\\\Microsoft\\\\Boot\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%DiagTrackSystemPartition%\\\\Boot\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Windows\\\\Shell\\\\Layoutmodification\\.xml$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Windows\\\\Shell\\\\DefaultLayouts\\.xml$" }, { "Regex": 
"%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.zStartApp_cw5n1h2txyewy\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\Data\\\\SharedData\\\\ServiceProfiles\\\\NetworkService\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\DeliveryOptimization\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "S:\\\\Deployment\\\\SoftwareDistribution\\\\Logs\\\\WindowsUpdate\\\\$(MatchAnyFileName)etl$" }, { "Regex": "S:\\\\Deployment\\\\DeliveryOptimization\\\\Logs\\\\dosvc\\\\$(MatchAnyFileName)etl$" }, { "Regex": "[^.\\\\>\\/:?<|\"]+:\\\\WindowsApps\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "[^.\\\\>\\/:?<|\"]+:\\\\DeliveryOptimization\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "[^.\\\\>\\/:?<|\"]+:\\\\WUDownloadCache\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%programdata%\\\\Microsoft\\\\Windows\\\\OneSettings\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%programdata%\\\\WindowsHolographicDevices\\\\ET\\\\Profiles\\\\$(MatchAnyFileName)etl$" }, { "Regex": "%programdata%\\\\Microsoft\\\\Windows\\\\Parental Controls\\\\settings\\\\settings\\.bin$" }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.Windows\\.StartMenuExperienceHost_cw5n1h2txyewy\\\\LocalCache\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%localappdata%\\\\Packages\\\\ModernUXProduct_cw5n1h2txyewy\\\\LocalCache\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\DPP\\\\Display\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "O:\\\\systemdata\\\\temp\\\\compositor\\\\DDisplayOutputCapture$(MatchOptionalFilenameSuffix)png$", "Disable": [ "ImageExtension" ] }, { "Regex": "%osdatadrive%\\\\windows\\\\$(MatchAnyPath)\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%osdatadrive%\\\\logfiles\\\\$(MatchAnyPath)\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\windows\\.old\\\\ProgramData\\\\USOShared\\\\logs\\\\User\\\\$(MatchAnyFilesRecursive)" }, { "Regex": "%systemdrive%\\\\windows\\.old\\\\ProgramData\\\\USOShared\\\\logs\\\\System\\\\$(MatchAnyFilesRecursive)" }, { "Regex": 
"%systemdrive%\\\\data\\\\users\\\\defaultaccount\\\\appdata\\\\local\\\\Packages\\\\Microsoft\\.Windows\\.StartMenuExperienceHost_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)appx$" }, { "Regex": "%systemdrive%\\\\data\\\\users\\\\defaultaccount\\\\appdata\\\\local\\\\Packages\\\\Microsoft\\.Windows\\.StartMenuExperienceHost_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)json$" }, { "Regex": "%osdatadrive%\\\\shareddata\\\\ServiceProfiles\\\\NetworkService\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\DeliveryOptimization\\\\Logs\\\\$(MatchAnyFileName)etl$" }, { "Regex": "%osdatadrive%\\\\shareddata\\\\ServiceProfiles\\\\NetworkService\\\\AppData\\\\Local\\\\Microsoft\\\\Windows\\\\DeliveryOptimization\\\\State\\\\$(MatchAnyFileName)dat$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Edge\\\\User Data\\\\Application Guard\\\\log\\.txt$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Edge\\\\User Data\\\\Application Guard\\\\User Data\\\\Application Guard\\\\log\\.txt$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Edge Beta\\\\User Data\\\\Application Guard\\\\log\\.txt$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Edge Beta\\\\User Data\\\\Application Guard\\\\User Data\\\\Application Guard\\\\log\\.txt$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Edge Dev\\\\User Data\\\\Application Guard\\\\log\\.txt$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Edge Dev\\\\User Data\\\\Application Guard\\\\User Data\\\\Application Guard\\\\log\\.txt$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Edge SxS\\\\User Data\\\\Application Guard\\\\log\\.txt$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\Edge SxS\\\\User Data\\\\Application Guard\\\\User Data\\\\Application Guard\\\\log\\.txt$" }, { "Regex": "%systemdrive%\\\\data\\\\users\\\\defaultaccount\\\\appdata\\\\local\\\\Packages\\\\ModernUXProduct_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)appx$" }, { 
"Regex": "%systemdrive%\\\\data\\\\users\\\\defaultaccount\\\\appdata\\\\local\\\\Packages\\\\ModernUXProduct_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)json$" }, { "Regex": "%ProgramData%\\\\SoftwareDistribution\\\\logs\\\\windowsupdate\\\\$(MatchAnyFileName)etl$" }, { "Regex": "%ProgramData%\\\\SoftwareDistribution\\\\logs\\\\sih\\\\$(MatchAnyFileName)etl$" }, { "Regex": "%ProgramData%\\\\SoftwareDistribution\\\\ReportingEvents\\.log$" }, { "Regex": "%systemdrive%\\\\data\\\\users\\\\defaultaccount\\\\appdata\\\\local\\\\Packages\\\\MicrosoftWindows\\.Windows10X_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)appx$" }, { "Regex": "%systemdrive%\\\\data\\\\users\\\\defaultaccount\\\\appdata\\\\local\\\\Packages\\\\MicrosoftWindows\\.Windows10X_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)json$" }, { "Regex": "%UserProfile%\\\\AppData\\\\Local\\\\Temp\\\\Diagnostics\\\\EXCEL\\\\$(MatchAnyFileName)log$" }, { "Regex": "%UserProfile%\\\\AppData\\\\Local\\\\Temp\\\\Diagnostics\\\\WINWORD\\\\$(MatchAnyFileName)log$" }, { "Regex": "%UserProfile%\\\\AppData\\\\Local\\\\Temp\\\\Diagnostics\\\\POWERPNT\\\\$(MatchAnyFileName)log$" }, { "Regex": "%ProgramData%\\\\Microsoft\\\\EdgeUpdate\\\\Log\\\\MicrosoftEdgeUpdate\\.log$" }, { "Regex": "%localappdata%\\\\Temp\\\\MicrosoftEdgeUpdate\\.log$" }, { "Regex": "%localappdata%\\\\Temp\\\\msedge_installer\\.log$" }, { "Regex": "%windir%\\\\Temp\\\\MicrosoftEdgeUpdate\\.log$" }, { "Regex": "%localappdata%\\\\Packages\\\\MicrosoftWindows\\.Client\\.CBS_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)appx$" }, { "Regex": "%localappdata%\\\\Packages\\\\MicrosoftWindows\\.Client\\.CBS_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)json$" }, { "Regex": 
"%localappdata%\\\\Packages\\\\MicrosoftWindows\\.Client_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)appx$" }, { "Regex": "%localappdata%\\\\Packages\\\\MicrosoftWindows\\.Client_cw5n1h2txyewy\\\\LocalCache\\\\PackageFeed\\\\$(MatchAnyPath)\\\\$(MatchAnyFileName)json$" }, { "Regex": "%allusersprofile%\\\\Microsoft\\\\EdgeUpdate\\\\Log\\\\MicrosoftEdgeUpdate\\.log$" }, { "Regex": "%systemroot%\\\\Temp\\\\msedge_installer\\.log$" }, { "Regex": "%temp%\\\\msedge_installer.log$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\WAVE\\\\NMakeLanguageService\\\\$(MatchAnyFileName)log$" }, { "Regex": "%localappdata%\\\\Microsoft\\\\WAVE\\\\NMakeLanguageService\\\\$(MatchAnyFileName)png$", "Disable": [ "ImageExtension" ] }, { "Regex": "%localappdata%\\\\Packages\\\\Microsoft\\.OneDriveSyncClient_8wekyb3d8bbwe\\\\LocalCache\\\\Local\\\\Microsoft\\\\OneDrive\\\\Logs\\\\$(MatchAnyPath)\\\\FeedbackHub\\\\SubmissionPayload\\.json$" }, { "Regex": "%DiagTrackSystemPartition%\\\\DE\\\\$(MatchAnyFileName)log$" }, { "Regex": "%ProgramData%\\\\Microsoft\\\\Windows\\\\WER\\\\ReportArchive\\\\$(MatchAnyPath)\\\\Report\\.wer$" }, { "Regex": "%systemdrive%\\\\ProgramData\\\\Intel\\\\Logs\\\\$(MatchAnyFileName)log$" } ] }