Process Start RegEx Pattern matching & command line naming conventions

Version 1

    Verified Product Versions

    • AppSense Environment Manager 8.6
    • AppSense Environment Manager 8.5
    • AppSense Environment Manager 8.4
    • AppSense Environment Manager 8.2
    • AppSense Environment Manager 8.1
    • AppSense Environment Manager 8.3
    • AppSense Environment Manager 8.0

    Introduction

    When using a regex to pattern match a Process Started trigger in Environment Manager Policy, the regex will occasionally fail to match the process.

    This can happen when the command line is run using the 8dot3 (shortname) naming convention.

    Detail

    Depending on where the process is run from, the operating system can use different naming conventions. If a regular expression explicitly matches only the shortname or only the longname, the pattern matching will be inconsistent.

    Example - Microsoft Word (winword.exe)

    • RegEx - The regular expression below will only match if a longname is used in the command line.
      • ((%ProgramFiles(x86)%)|(%ProgramFiles%))\\Microsoft Office\\Office14\\.*\.exe
    • Start Menu Shortcuts (via Default Installation)
      • Longname is used - "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"
    • Search Results
      • Shortname is used - "C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE"
    • Run Prompt
      • Shortname is used - "C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE"

    In this example, to match both longname and shortname paths, the regex would need to be:

    (((%ProgramFiles(x86)%)|(%ProgramFiles%))\\Microsoft Office\\Office14\\.*\.exe)|([a-zA-Z]:\\PROGRA~2\\MICROS~1\\Office14\\.*\.exe)

    However, note that the shortname path may differ between systems.
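
A way to check a pattern against each launch path before deploying it, written as an added Python example (not AppSense code). It assumes the product expands %VAR% tokens before matching and matches case-insensitively; the ENV values, the `~\d+` shortname branch that tolerates differing numeric tails, and the sample command lines are all constructed for illustration.

```python
import re

# Constructed values for a 64-bit Windows install; real values vary per machine.
ENV = {"ProgramFiles(x86)": r"C:\Program Files (x86)", "ProgramFiles": r"C:\Program Files"}

# Longname-only pattern, copied from the article.
LONG_ONLY = r"((%ProgramFiles(x86)%)|(%ProgramFiles%))\\Microsoft Office\\Office14\\.*\.exe"
# Hypothetical shortname branch: any numeric tail (~1, ~2, ...) instead of a fixed one.
SHORT_ANY_TAIL = r"[a-zA-Z]:\\PROGRA~\d+\\MICROS~\d+\\Office14\\.*\.exe"
BOTH = "(" + LONG_ONLY + ")|(" + SHORT_ANY_TAIL + ")"

def expand(pattern, env=ENV):
    """Swap %VAR% tokens for regex-escaped values (assumed expansion behaviour)."""
    for name, value in env.items():
        pattern = pattern.replace("%" + name + "%", re.escape(value))
    return pattern

def matches(pattern, command_line):
    """True if the expanded pattern is found anywhere in the command line."""
    return re.search(expand(pattern), command_line, re.IGNORECASE) is not None

# Constructed command lines covering the launch paths listed in the article.
SAMPLES = {
    "start menu (long)": r'"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"',
    "run prompt (short)": r"C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE",
    "other system (short)": r"C:\PROGRA~1\MICROS~3\Office14\WINWORD.EXE /n",
    "unrelated folder": r"C:\Users\Public\Office14\WINWORD.EXE",
}

def coverage(pattern):
    """Map each sample label to whether the pattern would fire on it."""
    return {label: matches(pattern, cmd) for label, cmd in SAMPLES.items()}

if __name__ == "__main__":
    for name, pat in (("long only", LONG_ONLY), ("long + short", BOTH)):
        for label, hit in coverage(pat).items():
            print(f"{name:13} {label:22} {'match' if hit else 'MISS'}")
```

The "unrelated folder" sample is there to confirm that widening the shortname branch does not make the trigger fire on paths outside the Office install directory.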