This topic describes how to search on a GUID in a path field.

Scenario: You have observed a regmod at the following path and want to broaden the search to see how widespread this kind of activity is.

\REGISTRY\A\{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326}\Software\Microsoft\VisualStudio\15.0_404778b2

Works
regmod_name:\\REGISTRY\\A\\\{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326\}\\Software\\Microsoft\\VisualStudio\\15.0_404778b2
Works
regmod_name:REGISTRY/A/\{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326\}/Software/Microsoft/VisualStudio/15.0_404778b2
Works
regmod_name:REGISTRY/A/*/Software/Microsoft/VisualStudio/15.0_404778b2
Works
regmod_name:\{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326\}
Works
regmod_name:\{4a15d1fe-35eb-ed8c-5d7b-*\}
Does not Work
regmod_name:\REGISTRY\A\{4a15d1fe-*}\Software\Microsoft\VisualStudio\15.0_404778b2
Does not Work
regmod_name:4a15d1fe-35eb-ed8c-5d7b-0aaefad84326
Note:
  • Platform Search strips off leading backslashes. Do not include that in the query value.
  • For path fields, Platform Search normalizes all backslashes in paths into forward slashes (Windows and POSIX operating systems take different approaches so we normalize for efficiency). If you include the backslashes, they must be escaped.
  • You must escape special characters in leading or trailing positions (such as { and } in {4a15d1fe-35eb-ed8c-5d7b-0aaefad84326}).