I’m trying to create a relevance to find some bad files for removal. I’ve been looking through the topics and can’t seem to find my exact answer.
The relevance is to find a file, but it is in subfolders below the C:\Users\username folder. My question is: is there a generic syntax to insert rather than the specific username? For instance, %username% gives me a syntax error. Without % it doesn’t error, but no results.
Thanks in advance for your help.
Brian
Well, since the BES client isn’t running under any particular user account, the %USERNAME% variable would not have any value anyway.
The crudest form would be
folders "my\subdirectory\path" of folders of folders "C:\Users"
If you want to get a little fancier (handle cases of Windows installed on D: drive, handle profile paths for NT, XP, and Win7+), you can use
folders "my\subdirectory\path" of folders of folders ( expand environment strings of (values "ProfilesDirectory" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" of native registry as string))
Thanks Jason. I’ll give it a go. My relevance-writing skills are pretty basic. I’m sure there are more efficient ways to do what I’m doing, but at least I’m learning as I go.
That’s how we all did it; the more practice you get, the easier it will come.
So, I’m still trying to understand how to write my own relevance, and I guess I’m looking for some more guidance from the suggestions above. Or more appropriately some proofreading . . .
Here’s what I’ve tried to write as some relevance.
exists file "cryptonight-asmjs.min[1].js" folders "AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I6ZNDNSI" of folders of folders "C:\Users"
What kind of problem are you encountering? It looks almost all correct to me, except you need the “of” in file "whatever" of folders, which looks like a copy/paste problem.
Is the cache folder “I6ZNDNSI” always named that, or does it vary by user? Are you getting false-positives, false-negatives, or an error message?
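A stand-alone Python cross-check for the lookup discussed in this thread, added here as an example and not written by any of the posters: it reads the same ProfilesDirectory registry value, walks every profile folder, and can treat the Content.IE5 cache folder name as unknown, which goes beyond the expressions posted above. The function names, the `any_cache_folder` switch and the `C:\Users` fallback are assumptions of this example.

```python
"""Added example: hunt one file name in every user profile (not from the thread)."""
import os
from pathlib import Path

PROFILE_LIST = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

def profiles_root():
    """Read ProfilesDirectory and expand it, as the registry-based relevance does."""
    try:
        import winreg  # standard library, Windows only
    except ImportError:
        return Path(r"C:\Users")  # assumption: fallback so the module imports elsewhere
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY  # 64-bit ("native") registry view
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PROFILE_LIST, 0, access) as key:
        value, _ = winreg.QueryValueEx(key, "ProfilesDirectory")
    return Path(winreg.ExpandEnvironmentStrings(value))

def subfolders(folder):
    """Immediate subfolders, or nothing if the folder is missing or unreadable."""
    try:
        return sorted(p for p in folder.iterdir() if p.is_dir())
    except OSError:
        return []

def find_in_profiles(root, rel_dir, file_name, any_cache_folder=False):
    """Return each root/<profile>/rel_dir[/<any folder>]/file_name that exists.

    The name is joined literally rather than globbed: in a glob pattern the
    "[1]" in "min[1].js" is a character class and would match "min1.js".
    """
    hits = []
    for profile in subfolders(Path(root)):  # one pass per user profile folder
        base = profile.joinpath(*rel_dir.split("\\"))
        parents = subfolders(base) if any_cache_folder else [base]
        hits += [str(d / file_name) for d in parents if os.path.isfile(d / file_name)]
    return hits

if __name__ == "__main__":
    # Relative path and file name are the ones quoted in the thread.
    rel = r"AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5"
    for hit in find_in_profiles(profiles_root(), rel, "cryptonight-asmjs.min[1].js",
                                any_cache_folder=True):
        print(hit)
```

Run it from an elevated prompt on one affected machine and compare the printed paths with what the relevance returns for that endpoint.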