This topic describes how to search on a GUID in a path field.
Scenario: You have observed a regmod at the following path and want to broaden the search to see how widespread this kind of activity is.
\REGISTRY\A\{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326}\Software\Microsoft\VisualStudio\15.0_404778b2
| Works | regmod_name:\\REGISTRY\\A\\\{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326\}\\Software\\Microsoft\\VisualStudio\\15.0_404778b2 |
| Works | regmod_name:REGISTRY/A/\{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326\}/Software/Microsoft/VisualStudio/15.0_404778b2 |
| Works | regmod_name:REGISTRY/A/*/Software/Microsoft/VisualStudio/15.0_404778b2 |
| Works | regmod_name:\{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326\} |
| Works | regmod_name:\{4a15d1fe-35eb-ed8c-5d7b-*\} |
| Does not Work | regmod_name:\REGISTRY\A\{4a15d1fe-*}\Software\Microsoft\VisualStudio\15.0_404778b2 |
| Does not Work | regmod_name:4a15d1fe-35eb-ed8c-5d7b-0aaefad84326 |
Note:
- Platform Search strips off leading backslashes. Do not include that in the query value.
- For path fields, Platform Search normalizes all backslashes in paths into forward slashes (Windows and POSIX operating systems take different approaches so we normalize for efficiency). If you include the backslashes, they must be escaped.
- You must escape special characters in leading or trailing positions (such as
{and}in{4a15d1fe-35eb-ed8c-5d7b-0aaefad84326}).
