EMCO MSI Package Builder Documentation MSI Package Builder Overview | Download | Purchase

How should I correctly specify the filter condition?

With MSI Package Builder, it is possible to define a set of monitoring filters that allow skipping the activity of the defined processes or the changes made to the defined file system items and registry keys during the Live Monitoring process and a set of uninstall filters that allow leaving joint resources on a PC after an MSI is uninstalled. In this chapter, we will show you how to specify a filter condition. There are two methods of specifying a filter condition – those are using a simple filter condition and using a regular expression. Let us take a close look at each method.

Simple Filter Condition

Simple filter condition is a string to be used for matching elements to be filtered. In case of a processes filter this string should be a process name, e.g. explorer.exe. For the file system filters this string should be a file system path to filter – all the sub-directories and files in the path specified are also filtered, for example C:\Windows\ filter value will lead to filtering all data inside Windows directory. The registry filter string should match a path to the registry key – all the sub-keys along with registry values in the path specified are filtered, e.g. choosing HKEY_LOCAL_MACHINE as root key and setting Software\Microsoft\Windows NT as key will filter all data inside Windows registry key.


While specifying a simple filter condition you can use wildcard characters same as for file system search, for example setting a file system filter value to ?:\Temp* will filter all the folders that start with Temp from all logical drive, such as C:\Temp, D:\Temporary Data, etc.

Regular Expressions

Using regular expressions is a more advanced way of a filter condition specification. Regular expression is a string that is used to match a set of strings, particular characters, words, or patterns of characters according to certain syntax rules that are described below. Regular expressions usage is a more flexible way of specifying a filter value than a simple filter condition, because one regular expression can cover lots of items to be filtered, e. g. ^${CommonUserFolder}$\\[^\\]+\\Local Settings\\!(Application Data\\).+$ expression will filter all the folders from the Local Settings folder of each user except the Application Data folder.

The following syntax should be used to define a filter condition with a help of regular expression.




Matches any single character.

[ ]

Indicates a character class. Matches any character inside the brackets (for example, [abc] matches a, b, and c).


If this metacharacter occurs at the start of a character class, it negates the character class. A negated character class matches any character except those inside the brackets (for example, [^abc] matches all characters except a, b, and c).

If ^ is at the beginning of the regular expression, it matches the beginning of the input (for example, ^[abc] will only match input that begins with a, b, or c).


In a character class, indicates a range of characters (for example, [0-9] matches any of the digits 0 through 9).


Indicates that the preceding expression is optional: it matches once or not at all (for example, [0-9][0-9]? matches 2 and 12).


Indicates that the preceding expression matches one or more times (for example, [0-9]+ matches 1, 13, 456, and so on).


Indicates that the preceding expression matches zero or more times.

??, +?, *?

Non-greedy versions of ?, +, and *. These match as little as possible, unlike the greedy versions that match as much as possible (for example, given the input <abc><def>, <.*?> matches <abc> while <.*> matches <abc><def>).

( )

Grouping operator (for example (\d+,)*\d+ matches a list of numbers separated by commas, such as 1 or 1,23,456).

{ }

Indicates a match group.


Escape character: interpret the next character literally (for example, [0-9]+ matches one or more digits, but [0-9]\+ matches a digit followed by a plus character). Also used for abbreviations (such as \a for any alphanumeric character – see the following table for details).

If \ is followed by a number n, it matches the nth match group (starting from 0). Example: <{.*?}>.*?</\0> matches <head>Contents</head>.


At the end of a regular expression, this character matches the end of the input (for example, [0-9]$ matches a digit at the end of the input).


Alternation operator: separates two expressions, exactly one of which matches (for example, T|the matches The or the).


Negation operator: the expression following ! does not match the input (for example, a!b matches a not followed by b).

The following abbreviations can be used in regular expressions.




Any alphanumeric character: ([a-zA-Z0-9])


White space (blank): ([ \\t])


Any alphabetic character: ([a-zA-Z])


Any decimal digit: ([0-9])


Any hexadecimal digit: ([0-9a-fA-F])


Newline: (\r|(\r?\n))


A quoted string: (\"[^\"]*\")|(\'[^\']*\')


A simple word: ([a-zA-Z]+)


An integer: ([0-9]+)

Now you are introduced to the possible ways of specifying a filter condition and should be able to provide any condition to solve any problem.