Search Endpoints for a File, Folder, or Registry Key
To perform a centralized search for a system
file, folder, or registry key on a Windows endpoint, use the
Create a new query.
From the ESM Console, select
a new query.
Configure one or more search parameters for the query.
When multiple search parameters are specified, Traps will return
a result if the search matches any of the parameters.
Select the search parameters, either a
Enter the matching search value, and then click
Optionally, you can use wildcards in the last portion
of the file or folder name path, for example: C:\Temp\*.txt
Repeat as needed to enter multiple search criteria.
(Optional) Add conditions to the query.
Conditions specified here can restrict the scope of the
query by sending it to only endpoints that match or do not match
select the condition in the Conditions list and click
to the appropriate include or exclude condition list.
Repeat to add more conditions, if desired.
(Optional) Define the target objects to which
to apply the query. By default, the ESM server sends the query to
all endpoints in your organization.
Like conditions, target objects can decrease the scope
of a query by targeting specific
tab, and then enter one or more
target objects in the Include or Exclude areas. The Endpoint Security
Manager queries Active Directory to verify the users, computers,
groups, or organizational units or identifies existing endpoints
from previous communication messages.
(Optional) Review the rule name and description.
The ESM Console automatically generates the rule name and description
based on the rule details but permits you to change these fields,
To override the autogenerated name, select the
Activate automatic description
and then enter a rule name and description of your choice.
Save the query.
Do either of the following:
query without activating it. When you are ready to run the query,
select the rule from the
and then click
the query to run it immediately.
Review the results of the query.
in real time, the ESM Console does not automatically refresh the
page with the query results. As a result, you must refresh the page
to view the current results.