You would like to search for ANY process execution that used a file stored in the Recycle Bin on a Windows host. Select the option to complete the following EAM query.

aid=my-aid ImageFileName=________ event_simpleName=ProcessRollup2
To search for any process execution that used a file stored in the Recycle Bin, you need to use a wildcard search that covers any characters before and after '$Recycle.Bin'. The '*' wildcard is used to match zero or more occurrences of any character. Therefore, '*$Recycle.Bin*' is the correct option as it ensures that any file path containing '$Recycle.Bin' will be matched, irrespective of what comes before or after it.
B. *$Recycle.Bin* Regex, use the *