App Control: How To Use Windows Path Macros in a Custom Rule

Environment

  • App Control Console: All Supported Versions
  • App Control Windows Agent: All Supported Versions

Objective

How to properly match a Windows Path Macro in App Control against the Windows operating system.

Resolution

The Agent expands Windows Path Macros in App Control according to either the CSIDL or the KNOWNFOLDERID, depending on the version of Windows the Agent is installed on. Verify that the Macro being used expands correctly for the operating system in use on the endpoint, because the Known Folder ID could expand differently than the CSIDL would.

Example: <CommonAppData>\Acme Accounting\*.dll

FOLDERID_ProgramData: C:\ProgramData\Acme Accounting\*.dll
CSIDL_COMMON_APPDATA: C:\Documents and Settings\All Users\Application Data\Acme Accounting\*.dll

Additional Notes

  • Currently the use of Wildcards inside a Path Macro is not supported.
  • Path Macros can only be used at the beginning of the specified Path (no other text before it).
  • OnlyIf and Registry Macros can be used anywhere in the specified Path.
  • The full list of Windows Path Macros can be found on VMware Docs > Server Documentation > relevant version > Custom Software Rules > Specifying Paths and Processes > Using Macros in Rules.
  • Path Macros represent a directory; a delimiter (slash or backslash) is added automatically if the Path does not include one.
  • If a Custom Rule is expected to be effective as soon as possible after a user logs on, do not use any of the Per User Macros, and do not specify a User Group in the Custom Rule. Rules that specify a username or SID are always active and won't be affected by this delay.
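
The following PowerShell function is an added example, not part of App Control or of the original article. It applies the placement rules from the notes above to a rule path and expands <CommonAppData> with the folder path Windows reports on the endpoint where it runs. The name Expand-RulePathMacro and its macro table are hypothetical, and it assumes the Agent's expansion matches what .NET's Environment.GetFolderPath returns.

```powershell
# Added example: Expand-RulePathMacro is a hypothetical helper, not an App Control cmdlet.
# Assumption: the Agent's expansion equals the folder path Windows reports to .NET.
function Expand-RulePathMacro {
    param([Parameter(Mandatory)][string]$RulePath)

    # Only the macro shown in the article is mapped; add others from the vendor's list.
    $macroMap = @{
        'CommonAppData' = [Environment+SpecialFolder]::CommonApplicationData
    }

    # A Path Macro is only valid at the very beginning of the path.
    if ($RulePath -match '^<([^<>]+)>(.*)$') {
        $name = $Matches[1]
        $rest = $Matches[2]
    } else {
        throw "No Path Macro at the start of '$RulePath'."
    }

    # Assumption: "wildcards inside a Path Macro" means * or ? within the <...> token.
    if ($name -match '[*?]') {
        throw "Wildcards inside a Path Macro are not supported: <$name>"
    }
    if (-not $macroMap.ContainsKey($name)) {
        throw "<$name> is not mapped in this example."
    }

    $base = [Environment]::GetFolderPath($macroMap[$name])

    # The macro stands for a directory: add the delimiter when the rule omits it.
    if ($rest -and $rest -notmatch '^[\\/]') { $rest = '\' + $rest }

    [pscustomobject]@{
        RulePath  = $RulePath
        Expanded  = $base.TrimEnd('\') + $rest
        BaseFound = Test-Path -LiteralPath $base
    }
}

# Rule path taken from the article's example.
$result = Expand-RulePathMacro -RulePath '<CommonAppData>\Acme Accounting\*.dll'
$result | Format-List

# Files on this endpoint covered by the expanded pattern (no output if none exist).
Get-ChildItem -Path $result.Expanded -File -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
```

Run it on a representative endpoint for each Windows version in scope and compare the Expanded value with the path the Custom Rule is meant to cover.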

Creation Date: 11-17-2022