Process Start RegEx Pattern matching & command line naming conventions

Version 1

    Verified Product Versions

    Environment Manager 8.6Environment Manager 8.5Environment Manager 8.4Environment Manager 8.2Environment Manager 8.1Environment Manager 8.3Environment Manager 8.0


    When using a regex to pattern match a Process Started trigger in Environment Manager Policy, the regex will occasionally fail to match the process.

    This can be due to the command line being run in the 8dot3 naming convention/shortname.


    Depending on where the process is run from, the operating system can use different naming conventions. If a regular expression is used to explicitly pattern either the shortname or the longname, then there will be inconsistencies in the pattern matching.

    Example - Microsoft Word (winword.exe)

    • RegEx - The regular expression below will only match if a longname is used in the command line.
      • ((%ProgramFiles(x86)%)|(%ProgramFiles%))\\Microsoft Office\\Office14\\.*\.exe
    • Start Menu Shortcuts (via Default Installation) - 
      • Longname is used - "
        C:\Program Files\Microsoft Office\Office14\WINWORD.EXE


    • Search Results
      • Shortname is used - "

    • Run Prompt
      • Shortname is used - "

    In this example to match both longname and shortname paths the regex would need to be:-


    ((%ProgramFiles(x86)%)|(%ProgramFiles%)\\Microsoft Office\\Office14\\.*\.exe)|(([a-zA-Z]:(\\PROGRA~2\\MICROS~1\\Office14\\.*\.exe)))

    However it should be noted shortname path may differ between systems.