Hi, this wasn't quite what I was expecting for our use case: we have a DRM software which creates a file in each user's directory with the extension .sea, but its the same filename for all users. Its not a compression file as far as I can tell. I was hoping for just the filename could be on a exclude list, but I can use the above and enter in the full path as so far I only have 5 users affected so its just 5 paths to enter. The number of total users we have is low so I can always manage this manually, but I'd image if there were 100's of users this would be more problematic. With Joel's suggestion I would add to that the ability to add wildcards or path macros e.g. %HOMEDIR%/dir/filename.fir or %APPDATA%/otherdir/*.dss. I understand some of those system variables are also user specific so that may be hard to retrieve out of a VM.Malware Detection
Added the ability to exclude specific file paths from suspicious file system activity analysis.
Regards
Damien