App Control: How To Verify Wildcards and Macros In Paths
App Control Agent: All Supported Versions
App Control Console: All Supported Versions
How to use the Agent to verify the Macro or Wildcard will expand to correctly match the desired path on the endpoint.
Using the dascli testpattern command it is possible to test a path as entered in the Custom Rule against an actual path on the endpoint. This command does require being authenticated with the Agent to use, and will need to match to an existing path on the machine.
Example of a File Path in a Custom Rule: <CommonAppData>\Acme Accounting\*.dll
On the endpoint, using a command prompt, issue the following commands to validate the macro and wildcard will expand correctly: