Platform Search provides special handling of certain high cardinality data in path fields.

Path fields include:

  • crossproc_name
  • filemod_name
  • modload_name
  • parent_name
  • process_name
  • regmod_name
  • scriptload_name

The following high cardinality data is specially handled:

  • GUID
  • SID (the Security Identifier in Windows)
  • hash

Special handling works as follows:

  • You can search for high cardinality data, with or without the full path.
  • You can use a wildcard to search for all instances of the path for any variant of the GUID, SID or hash.
  • You can search for just the GUID, SID or hash without the full path around it.
  • You can use trailing wildcards to search for other variants of the GUID, SID or hash, but only when searching for the GUID, SID or hash itself, not when searching the entire path.