Using wildcards in command line of Appdefend

Discussion in 'Ghost Security Suite (GSS)' started by xwray, Sep 4, 2006.

Thread Status:
Not open for further replies.
  1. xwray

    xwray Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    46
    Is it now, or will it be, possible to edit a command line with a wildcard? For instance, I have an application that resulted in several similar entries that are the same except for the last part of the command line, such as:

    "c:\winnt\system32\rundll32.exe" c:\winnt\system32\nview.dll,nvtaskbarmenucmd 40001

    and

    "c:\winnt\system32\rundll32.exe" c:\winnt\system32\nview.dll,nvtaskbarmenucmd 40556

    There are several other entries that are the same except for the trailing number. I would like to be able to substitute a wildcard for the number so one rule would be able to handle all cases.

    Any hope of getting something like this?

    Thanks
     
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi xwray.

    You can use wildcards as long as it's between the quotation marks (if the cmd-line contains them in the first place). You can't use wildcards outside the quotation marks, or if the cmd-line doesn't have them. I have a couple for removing the Win Hotfix Uninstall folders.

    "c:\windows\system32\cmd.exe" /c rd /s /q "c:\windows\$ntuninstallkb**"
    "c:\windows\system32\cmd.exe" /c rd /s /q "c:\windows\$ntuninstallq**"

    I've tried to do it for 'wuauclt.exe' because its cmd-line is random, and after ending up with nearly 20 entries for it I tried to use a wildcard, but to no avail. :'(

    "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[548]susdsbe82bb6bae1dd64bae3b7bca1e266c6d <-- note that there are no quotation marks in the second half of the cmd-line.

    If anyone finds a way, let us know.
     
  3. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    I would think it is fairly likely that Jason will implement something like this (prior to release), because it is required in order to be able to control processes like rundll32 properly and minimise the number of unnecessary prompts.

    Some of the rundll32 command lines have the part that changes in the middle of the argument string and others at the end, so it might make things easier to have a richer regular expression match available (i.e. more than just a *), if possible...
     
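The following is an added example, not part of the thread and not AppDefend's own matching code, showing how the command lines posted above behave under an anchored wildcard matcher. It covers xwray's two rundll32/nview.dll lines, tonyjl's hotfix-uninstall and wuauclt.exe lines, and the "richer than just a *" match gottadoit asks for. The `other.dll` path, the hotfix folder numbers and the "extra" argument are constructed inputs. The security point it makes: rundll32 executes whichever DLL its command line names, so the wildcard has to sit after the literal DLL path and export name; a rule of the form `"...\rundll32.exe" *` permits any DLL, and a bare `*` after the export name still accepts anything that follows, which is where a digits-only regex helps.

```python
import re

# Constructed samples: the two rundll32 command lines quoted in the thread.
NVIEW_CMDLINES = [
    r'"c:\winnt\system32\rundll32.exe" c:\winnt\system32\nview.dll,nvtaskbarmenucmd 40001',
    r'"c:\winnt\system32\rundll32.exe" c:\winnt\system32\nview.dll,nvtaskbarmenucmd 40556',
]
# Constructed: rundll32 pointed at some other DLL (hypothetical path). A rule that
# wildcards the whole argument string would allow this too.
OTHER_DLL_CMDLINE = r'"c:\winnt\system32\rundll32.exe" c:\docume~1\user\temp\other.dll,Run'
# Constructed: the expected command with an unexpected argument appended.
EXTRA_ARG_CMDLINE = NVIEW_CMDLINES[0] + " extra"

# The hotfix-uninstall rules from the thread, with constructed command lines they cover
# ($NtUninstallKB<number>$ is the Windows naming scheme; the numbers are made up).
HOTFIX_RULES = [
    r'"c:\windows\system32\cmd.exe" /c rd /s /q "c:\windows\$ntuninstallkb**"',
    r'"c:\windows\system32\cmd.exe" /c rd /s /q "c:\windows\$ntuninstallq**"',
]
HOTFIX_CMDLINES = [
    r'"c:\windows\system32\cmd.exe" /c rd /s /q "c:\windows\$ntuninstallkb123456$"',
    r'"c:\windows\system32\cmd.exe" /c rd /s /q "c:\windows\$ntuninstallq987654$"',
]

# The wuauclt line from the thread; the wildcard sits outside any quotation marks.
WUAUCLT_CMDLINE = r'"c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[548]susdsbe82bb6bae1dd64bae3b7bca1e266c6d'
WUAUCLT_RULE = r'"c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[548]susds*'

# One rule for all nvtaskbarmenucmd variants: wildcard only the trailing number and
# keep the DLL path and export name literal.
NVIEW_RULE = r'"c:\winnt\system32\rundll32.exe" c:\winnt\system32\nview.dll,nvtaskbarmenucmd *'
# Over-broad rule: the whole argument string is wildcarded, so any DLL may be loaded.
ANY_DLL_RULE = r'"c:\winnt\system32\rundll32.exe" *'
# Regex rule: the trailing argument must be a number and nothing else.
NVIEW_REGEX = r'"c:\\winnt\\system32\\rundll32\.exe" c:\\winnt\\system32\\nview\.dll,nvtaskbarmenucmd \d+'


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a command-line glob into an anchored, case-insensitive regex.

    '*' matches any run of characters (spaces and backslashes included), '?' matches
    exactly one character, everything else is literal. Anchoring with ^...$ is what
    stops a trailing wildcard from turning the rule into a prefix match. Windows paths
    are case-insensitive, hence IGNORECASE.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE | re.DOTALL)


def glob_matches(pattern: str, cmdline: str) -> bool:
    return glob_to_regex(pattern).fullmatch(cmdline) is not None


def regex_matches(pattern: str, cmdline: str) -> bool:
    """Full regex match, for what a bare '*' cannot express (e.g. digits only)."""
    return re.compile(pattern, re.IGNORECASE).fullmatch(cmdline) is not None


def covered(pattern: str, cmdlines, matcher=glob_matches) -> bool:
    """True if a single rule covers every observed command line."""
    return all(matcher(pattern, c) for c in cmdlines)


def demo() -> dict:
    """Outcomes for each rule/command-line pairing, keyed for inspection."""
    return {
        "nview_rule_covers_thread": covered(NVIEW_RULE, NVIEW_CMDLINES),
        "nview_rule_allows_other_dll": glob_matches(NVIEW_RULE, OTHER_DLL_CMDLINE),
        "nview_rule_allows_extra_arg": glob_matches(NVIEW_RULE, EXTRA_ARG_CMDLINE),
        "any_dll_rule_allows_other_dll": glob_matches(ANY_DLL_RULE, OTHER_DLL_CMDLINE),
        "regex_covers_thread": covered(NVIEW_REGEX, NVIEW_CMDLINES, regex_matches),
        "regex_allows_extra_arg": regex_matches(NVIEW_REGEX, EXTRA_ARG_CMDLINE),
        "hotfix_rules_cover": all(glob_matches(r, c) for r, c in zip(HOTFIX_RULES, HOTFIX_CMDLINES)),
        "wuauclt_rule_covers": glob_matches(WUAUCLT_RULE, WUAUCLT_CMDLINE),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows `NVIEW_RULE` collapsing both thread lines into one rule while still rejecting the other DLL, `ANY_DLL_RULE` accepting the other DLL, and only the `\d+` regex rejecting the line with the appended argument. Whether a given product applies the wildcard outside quotation marks, as tonyjl found AppDefend did not at the time, is a property of that product's matcher, not of the pattern.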