
Wildcards in HIPS rules?

Can wildcards be used in HIPS rules?

For example, say I wanted to monitor a .ini file for write access, but this file location, although in the same folder, resides on a different drive. When setting up the rule, can I set the file path as follows:

%ProgramFiles%\Gubbins\test.ini which would then of course monitor that file regardless of which drive it was on?

Also, does the wildcard %ProgramFiles% exclude both \Program Files and \Program Files (x86) simultaneously?



2 Replies

Re: Wildcards in HIPS rules?

Hi Stefan,

Not sure if the Program variable can be utilized like this, but yes, in general you can use wildcards in HIPS rules. Below are some examples:


? (question mark): A single character.

* (asterisk): Multiple characters. user_name { Include "*" }

& (ampersand): Multiple characters except / and \. Use to match the root-level contents of a folder but not any subfolders. files { Include "C:\\test\\&.txt" }

! (exclamation mark): Wildcard escape. files { Include "C:\\test\\yahoo!!.txt" }

Message was edited by: dyilmaz on 4/14/10 5:05:35 AM CDT
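
The difference in scope between the wildcards listed in the reply above, as an added Python example that is not part of the original thread and is not the product's own matching code. It assumes that a doubled backslash inside the rule string stands for one path separator, that * and & may match zero characters, that ? matches any single character, and that matching ignores case; the function names and sample paths are constructed for illustration.

```python
import re

def hips_pattern_to_regex(pattern):
    """Translate a rule path pattern using ? * & ! into a compiled regex.

    Assumptions, not stated in the thread: a doubled backslash in the rule
    string is one literal backslash, * and & may match zero characters,
    ? matches any one character, and matching ignores case.
    """
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "!":  # wildcard escape: the next character is literal
            if i + 1 >= len(pattern):
                raise ValueError("dangling '!' at end of pattern")
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        if pattern.startswith("\\\\", i):  # doubled backslash -> one separator
            out.append(re.escape("\\"))
            i += 2
            continue
        if ch == "?":
            out.append(".")
        elif ch == "*":
            out.append(".*")  # crosses folder separators
        elif ch == "&":
            out.append(r"[^/\\]*")  # stops at / and \
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def covered(pattern, paths):
    """Return the subset of paths that the pattern matches in full."""
    rx = hips_pattern_to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]

# Constructed sample paths, not taken from the thread
PATHS = [r"C:\test\a.txt", r"C:\test\sub\a.txt", r"C:\test\yahoo!.txt",
         r"c:\TEST\B.TXT", r"C:\test\a.ini"]

if __name__ == "__main__":
    for pat in (r"C:\\test\\&.txt", r"C:\\test\\*.txt", r"C:\\test\\yahoo!!.txt"):
        print(pat, "->", covered(pat, PATHS))
```

Running a draft rule path through a check like this before deployment shows whether it covers subfolders (with *) or only the folder's own files (with &).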

Re: Wildcards in HIPS rules?

Cool, thanks for the reply.

