Purpose:
You wish to use the Files & Directories Scanner (previously the Files Scanner) to locate files and directories on target systems within your network.
Applies to:
PDQ Inventory Version 16+
Resolution:
Obtaining useful and accurate results from the Files & Directories Scanner is dependent on the correct usage of the Include Pattern(s) and Exclude Pattern(s). The Usage and Examples below provide important information on how the Files & Directories Scanner operates, how to use the correct series of patterns, and some examples to get you searching quickly or to troubleshoot issues with existing searches. We advise reviewing the Custom Scanner Best Practices article and thoroughly testing scans on a few machines before scanning your entire environment.
As part of the new directories portion of the Files & Directories scanner, the UI for the scanner window has been updated. Most importantly, you now have the choice of what to scan for (Files, Directories, or Both) in the Type drop-down menu:
Usage:
- Environmental variables (e.g. %PROGRAMFILES%, %PUBLIC%, %SYSTEMROOT%) can be used with the Files & Directories Scanner.
- Patterns are not case sensitive.
- Searches are confined to local disks only. Network/mapped drives are not included in the file scan process.
- Before scanning your environment, test the scan thoroughly on a few machines. Patterns are designed to increase the efficiency of searches, resulting in better performance for all users. Because of the power inherent in the patterns, it is possible to do the exact opposite of that and create searches that are inefficient and cause significant performance issues for you and your users.
- Including the Files & Directories Scanner as part of another scan profile may result in inconsistent results. For example, placing one instance of a Files & Directories Scanner as part of a Standard Scan that searches in the same location as another Files & Directories Scanner where information has changed could result in results that show both new and obsolete information. Scan information is retained for the particular discrete scan until such time as the scan is run again.
Available Wildcards:
* matches zero or more characters, can be used for files and directories:
- *bar will return results for foobar, fubar, F00bar, bar, etc.
- foo* will return results for foo, foobar, foolish, foo42, food, foo.txt (Files Type only), foobar.ini (Files Type only), etc.
- Files Type only: C:\Users\*\Desktop\ (trailing "\") will search the Desktop directory of all user profile directories in C:\Users\
- Directory or Both Type: C:\Users\*\Desktop (no trailing "\") will search all user profiles for the directory with the name "Desktop".
- Both Type: C:\Users\*\Desktop* (no trailing "\") will search all user profiles for the directory with the name "Desktop" and any files that start with "desktop".
- Files only: C:\Users\*\*\*\*.txt will search for all txt files in:
C:\Users\<username>\<subdirectories>\<subdirectories>\
but not:
C:\Users\<username>\<subdirectories>\
? matches a single character:
- ?bar will return 1bar, sbar, 2bar, qbar, but not fubar, foobar, crowbar, or 42bar
- f??bar will return foobar but not fubar.
- ?:\ will search all drives (excluding network/mapped drives).
\**\ is used to indicate the current and all subdirectories:
- C:\Windows\**\fubar.exe
Searches for fubar.exe in Windows and all subdirectories of Windows. If by some chance you have a directory called "fubar.exe", it will return the result for that as well, assuming you have chosen Directory or Both from the Type menu. - %SYSTEMROOT%\System32\**\hosts
Searches for the hosts file in [drive]:\Windows\System32\ directory and all subdirectories. If Directory or Both Type are selected, will return a directory called "hosts" or the directory called "hosts" and the file called "hosts" respectively. - C:\Users\**\
Searches the Users directory and all subdirectories. Depending on whether File, Directory, or Both Types are selected determines whether files, directories, or both are returned. - C:\Users\*\**\*.txt
Searches for any .txt files in C:\Users\<username>\<subdirectories>
but not: C:\Users. Will also search for any directory ending in .txt as well (assuming the Type is set), which would be rare but possible. - C:\Users\*\*\**\*.txt
Searches for any .txt files starting in C:\Users\<username>\<subdirectories>\<subdirectories>
but not in C:\Users\<username>\<subdirectories>\. Will also search for any directory ending in .txt as well (assuming the Type is set), which would be rare but possible. - C:\Users\**\Mozilla\**\Firefox\**\Profiles\**\*.xpi
Searches for any xpi files in C:\Users\<subdirectories>\Mozilla\<subdirectories>\Firefox\<subdirectories>\Profiles\<subdirectories>\*.xpi
Exclusions:
Exclusions work the same way as above with the following exception:
Excluding a directory must contain a trailing backslash "\" otherwise, the exclusion will treat the exclusion as a file.
For example, I have a directory named notepad.exe located somewhere on the system and want to exclude this directory but want to make sure and include the program in my file search.
C:\**\notepad.exe will exclude the file, notepad.exe (File Type)
C:\**\Desktop will exclude the directory called Desktop (Directory or Both Type)
C:\**\Desktop\ will exclude the contents of the directory, Desktop
Exclude a file (File or Both Type): C:\Path\to\file.exe or C:\Path\to\*.exe
Exclude a directory (Directory or Both Type): C:\Path\to\directory\ or C:\Path\to\alldirectories\**\
IMPORTANT: When performing large searches, it's important to exclude large directories that are unnecessary in the search. For instance, the Windows\WinSxS and $Recycle.Bin
Examples:
While these examples are for searching files, the same logic applies to directories. Using the Both type will render both file and directory results.
1. Find a file in a known location:
Find all PST and OST files in the expected location.
2. Find a file in an unknown location, and exclude the known location:
Example 1: Find all PST files not in the expected location (general search).
Example 2: Find all PST files not in the expected location (more targeted search).
3. Find a particular file installed in multiple possible locations:
Find all install locations of Microsoft Word. You could also use %PROGRAMFILES%*\ as well.
4. Find files that may or may not exist:
Find all machines with Groove and Skype for Business executables. You could also use %PROGRAMFILES%*\ as well.
5. Find all executable files in %SYSTEMROOT% with certain exceptions:
Find executable files in the Windows directory and all directories under Windows\.
6. Find some adware:
Find known adware programs excluding specific directories.
7. Find ISO Files:
Find space-consuming ISO files left over from OS/Application installs.
8. Find files in an unknown/partially known location:
Find Mozilla Firefox profile files that may or may not exist in the default location.
9. Find files while excluding certain directories that might increase scan time.
Find all f?bar.log files but exclude all users Temp directory.