How should I correctly specify the filter value?

With MSI Package Builder, it is possible to define a set of monitoring filters that allow skipping the activity of the defined processes or the changes made to the defined file system items and registry keys during the Live Monitoring process and a set of uninstall filters that allow leaving joint resources on a PC after an MSI is uninstalled. In this chapter, we will show you how to specify a filter value. There are two methods of specifying a filter value – those are using a simple filter value and using a regular expression. Let us take a close look at each method.

Simple Filter Value

Simple filter value is a string to be used for matching elements to be filtered. In case of a processes filter this string should be a process name, e.g. explorer.exe. For the file system filters this string should be a file system path to filter – all the sub-directories and files in the path specified are also filtered, for example C:\Windows\ filter value will lead to filtering all data inside Windows directory. The registry filter string should match a path to the registry key – all the sub-keys along with registry values in the path specified are filtered, e.g. choosing HKEY_LOCAL_MACHINE as root key and setting Software\Microsoft\Windows NT as key will filter all data inside Windows registry key.

While specifying a simple filter value you can use wildcard characters same as for file system search, for example setting a file system filter value to ?:\Temp* will filter all the folders that start with Temp from all logical drive, such as C:\Temp, D:\Temporary Data, etc.

Regular Expressions

Using regular expressions is a more advanced way of a filter value specification. Regular expression is a string that is used to match a set of strings, particular characters, words, or patterns of characters according to certain syntax rules that are described below. Regular expressions usage is a more flexible way of specifying a filter value than a simple filter value, because one regular expression can cover lots of items to be filtered. For example:

^${CommonUserFolder}$\\[^\\]+\\Local Settings\\!(Application Data\\).+$

This expression will filter all the folders from the Local Settings folder of each user except the Application Data folder.

The following syntax should be used to define a filter value with a help of regular expression.




Matches any single character.

[ ]

Indicates a character class. Matches any character inside the brackets (for example, [abc] matches a, b, and c).


If this metacharacter occurs at the start of a character class, it negates the character class. A negated character class matches any character except those inside the brackets (for example, [^abc] matches all characters except a, b, and c).

If ^ is at the beginning of the regular expression, it matches the beginning of the input (for example, ^[abc] will only match input that begins with a, b, or c).


In a character class, indicates a range of characters (for example, [0-9] matches any of the digits 0 through 9).


Indicates that the preceding expression is optional: it matches once or not at all (for example, [0-9][0-9]? matches 2 and 12).


Indicates that the preceding expression matches one or more times (for example, [0-9]+ matches 1, 13, 456, and so on).


Indicates that the preceding expression matches zero or more times.

??, +?, *?

Non-greedy versions of ?, +, and *. These match as little as possible, unlike the greedy versions that match as much as possible (for example, given the input <abc><def>, <.*?> matches <abc> while <.*> matches <abc><def>).

( )

Grouping operator (for example (\d+,)*\d+ matches a list of numbers separated by commas, such as 1 or 1,23,456).

{ }

Indicates a match group.


Escape character: interpret the next character literally (for example, [0-9]+ matches one or more digits, but [0-9]\+ matches a digit followed by a plus character). Also used for abbreviations (such as \a for any alphanumeric character – see the following table for details).

If \ is followed by a number n, it matches the nth match group (starting from 0). Example: <{.*?}>.*?</\0> matches <head>Contents</head>.


At the end of a regular expression, this character matches the end of the input (for example, [0-9]$ matches a digit at the end of the input).


Alternation operator: separates two expressions, exactly one of which matches (for example, T|the matches The or the).


Negation operator: the expression following ! does not match the input (for example, a!b matches a not followed by b).

The following abbreviations can be used in regular expressions.




Any alphanumeric character: ([a-zA-Z0-9])


White space (blank): ([ \\t])


Any alphabetic character: ([a-zA-Z])


Any decimal digit: ([0-9])


Any hexadecimal digit: ([0-9a-fA-F])


Newline: (\r|(\r?\n))


A quoted string: (\"[^\"]*\")|(\'[^\']*\')


A simple word: ([a-zA-Z]+)


An integer: ([0-9]+)

Now you are introduced to the possible ways of specifying a filter value and should be able to provide any filter to solve any problem.

OS and Platform Conditions

For any filter type, you may configure conditions, including the operating system, the OS build number and the platform. It allows you to configure filters to be used for specific operating systems only. OS and platform conditions can be configured in the Conditions tab Pic 1.

Configuring OS and platform conditions filters

Pic 1. Configuring OS and platform conditions filters

As a condition, you may specify the required Operating System, Build Number and Platform, or any combination of these fields together with the comparison operators. The applied conditions are displayed in the filters list, so you can find filters that are applicable for the current OS or any specific OS.