Endpoint Scanning : Units : Adding Filters
  
Adding Filters
This section describes how to configure filters for a Computers unit. To configure filters for an Elasticsearch unit, see Filter control dialog box for Elasticsearch.
To add a filter, use the Add Include Filter or Add Exclude Filter dialog box depending on the type of the filter.
Complete this dialog box as follows.
1. Specify the drives to include or exclude:
All Drives - Allows you to specify the types of storage devices to scan. These parameters are not supported in Agentless mode, in which case all disks will be scanned regardless of their type.
 
Note: If the All Drives option is selected, the check boxes described below have no effect and the filter will include or exclude all disks.
System - Select to specify the logical disk where Windows is installed.
Non-system - Select to specify all other logical and physical disks that do not fall to other classifications.
Network - Select to specify mounted network disks. Multiple networks disks may exist for each logged in user. All network disks for all users will be scanned.
Removable, Floppy & Optical - Select to specify removable disks including floppy drives, optical drives (CD/DVD/BD-ROM). This also includes USB pen drives, attached memory cards, external storage devices connected via a USB cord etc.
2. Specify the paths to include or exclude:
All Paths - Allows you to specify the paths on the disks to scan.
 
Note: If the All Paths option is selected, the check boxes described below have no effect and the filter will include or exclude all paths.
Documents - Select to specify the Documents folder. On systems earlier than Windows Vista, the path to this folder is %SystemDrive%\Documents and Settings\<user>\My Documents. On Windows Vista or later, the path is %SystemDrive%\Users\<user>\Documents. Document folders are scanned for every users.
Program Files - Select to specify the Program Files folder. On 64-bit systems, both Program Files and Program Files (x86) will be scanned.
System folder - Select to specify the Windows installation folder.
Temporary Folder - Select to specify the system temp folder.
Cloud storage folders - Select to specify whether to scan the user’s local synchronization directories for selected cloud storage services. The following services are supported: Amazon Cloud Drive, Box, Cloud Mail.ru, Copy, Dropbox, Google Drive, iCloud, MediaFire, OneDrive, SpiderOak, SugarSync, Yandex.Disk.
 
Note: The user (the owner of local synchronization directory) must be logged in for the Box cloud storage service directory to be scanned.
Path - Enter custom paths to scan. Multiple paths can be specified by using a semicolon (;) as a delimiter. UNC paths (e.g. \\server\share) are supported. You can use wildcards, such as asterisks (*) and question marks (?).
See also Scanning a network share: Example.
Including subfolders - Specify whether to scan subfolders within the previously defined paths. If this option is not selected, only the files located in the specified folder will be scanned.
3. Specify the files to include or exclude:
All Files - Allows you to specify the files to include or exclude.
 
Note: If the All Files option is selected, the check boxes described below have no effect and the filter will include or exclude all files.
File name - Specify the desired file names. Multiple file names must be separated by a semicolon (;); for example, *.doc; *.docx.
You can use wildcards, such as asterisks (*) and question marks (?). An asterisk matches any series of characters or no characters. For example, *.txt matches any file name with the extension of txt. The question mark matches any single character. For example, ????.* matches any file name composed of 4 characters and any extension.
Modified - Specify the desired last modification date/time of the file. To do so, choose from the following options in the Modified drop-down list:
Not specified (this option is selected by default).
Before than - The file’s modified date/time must be earlier than the specified date/time.
After than - The file’s modified date/time must be later than the specified date/time.
Between - The file’s modified date/time must fall within the specified date/time range.
Not older than - The file’s modified date/time must not be older than the specified number of seconds, minutes, hours, days, weeks, months, or years.
Older than - The file’s modified date/time must be older than the specified number of seconds, minutes, hours, days, weeks, months, or years.
File size - Specify the desired file size in bytes, kilobytes, megabytes, gigabytes or terabytes. To do so, choose from the following options in the File size drop-down list:
Not specified (this option is selected by default).
Equal to - The file must be exactly the specified size.
Less than - The file must be smaller than the specified size.
More than - The file must be larger than the specified size.
Between - The size of the file must fall within the specified range.
Attributes - Specify the desired file attributes. The System, Hidden and Encrypted attributes are directly matched to the corresponding NTFS attributes.