Adding deny paths to Windows forwarder
Stairwell can exclude specific paths from scanning via a Registry property named DenyPaths. The property is of type REG_MULTI_SZ and takes .NET-style regular expressions. Paths matching a DenyPaths entry are skipped for backscans and for file create, modify and rename events, but image loads (execution) are STILL FORWARDED: a file that already exists in a denied location is handled as usual if it executes.
For the setting to take effect, the Registry entry must exist before the service starts for the first time; if you add it afterwards, restart the service.
We suggest first creating the entry before installing the forwarder. There are a number of ways to accomplish this:
- The simplest approach is to create the entry manually on one machine (steps below).
- You can then export the registry data and push it out to your endpoints before the installer is deployed.
Instructions
- Open the Registry Editor and navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Stairwell\Inception
If the key does not yet exist, create it manually
- Create a new Property using a Multi-String Value
- Name the property DenyPaths (Type: REG_MULTI_SZ)
- Edit the value
- Add the path to be ignored, written as a .NET regular expression, and click OK
- Example: ^.:\\Users\\[^\\]*\\Box
- This allows any drive letter and any username in the path. Backslash is a regex metacharacter, so each path separator is written as \\; a single \ followed by a letter (for example \U) is treated as an escape sequence by .NET rather than a literal backslash, and the pattern will not match the path you intended. Note that without a trailing separator or anchor this example also matches folders whose names merely begin with Box (such as BoxSync).
For multiple paths, put each pattern on its own line (each line becomes one REG_MULTI_SZ entry)
You can use a site such as https://regex101.com/ to help build and test the regex. Be sure to select the .NET flavor on the left side, since other flavors differ in escaping rules.
- Right click on the Inception key and choose Export
- Locate the exported .reg file, right-click it and choose Edit
- Once open in Notepad, you will see all of the properties of the key you exported
DenyPaths is the only property listed if you created the key manually; on a machine where the forwarder is already installed, the forwarder's own properties appear as well
- Delete ALL properties except DenyPaths and save the file, so that importing it on other endpoints does not overwrite their existing settings
- Double click on the registry file to import it. Click Yes when prompted.
- After clicking Yes, you should be notified that the import was successful. Please click OK.
- Finally, confirm that the import succeeded by double-clicking the DenyPaths property in the Registry Editor and checking that the expected patterns are present
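The same procedure can be scripted so it is repeatable and so the regex patterns are checked before they reach any endpoint. The following is an added example written for this page, not Stairwell's own tooling: it validates each pattern as a .NET regex, shows which of a few constructed sample paths each pattern would exclude, writes the REG_MULTI_SZ value, and exports the key with reg.exe. The second pattern (OneDrive), the sample paths, the output file name and the case-insensitive matching are assumptions for illustration; the page does not state how the forwarder handles case or whether it matches against the full file path or only the directory, which is why the patterns end in (\\|$) to cover both. Run it from an elevated PowerShell prompt before installing the forwarder.

```powershell
# Added example, not part of the Stairwell documentation or product.
# Creates HKLM\SOFTWARE\Stairwell\Inception\DenyPaths (REG_MULTI_SZ) after checking the patterns.

$KeyPath = 'HKLM:\SOFTWARE\Stairwell\Inception'

# Patterns to skip. Backslash is a regex metacharacter, so each path separator is written as \\.
# (\\|$) lets the pattern match whether the forwarder evaluates a full file path or a bare directory.
$DenyPaths = @(
    '^.:\\Users\\[^\\]*\\Box(\\|$)',        # Box sync folder, any drive letter, any username
    '^.:\\Users\\[^\\]*\\OneDrive(\\|$)'    # assumed second entry purely for illustration
)

# Constructed sample paths used only to sanity-check the patterns offline.
$SamplePaths = @(
    'C:\Users\alice\Box\report.docx',         # should be denied
    'D:\Users\bob\OneDrive\notes.txt',        # should be denied
    'C:\Users\alice\Documents\Box\x.exe',     # Box is not directly under the profile: scanned
    'C:\Users\alice\BoxSync\file.bin'         # different folder name: scanned
)

# 1. Every pattern must compile as a .NET regex, which is the syntax the forwarder expects.
foreach ($p in $DenyPaths) {
    try   { [void][regex]::new($p) }
    catch { throw "Invalid .NET regex '$p': $($_.Exception.Message)" }
}

# 2. Show what each sample path would get, so an over-broad pattern is caught before deployment.
#    Case-insensitive matching is an assumption here (NTFS paths are case-insensitive).
foreach ($s in $SamplePaths) {
    $hit = $DenyPaths | Where-Object { [regex]::IsMatch($s, $_, 'IgnoreCase') }
    '{0,-42} {1}' -f $s, $(if ($hit) { "DENIED by $hit" } else { 'scanned' })
}

# 3. Create the key if it is missing and write the value as REG_MULTI_SZ, one pattern per entry.
if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
New-ItemProperty -Path $KeyPath -Name 'DenyPaths' -PropertyType MultiString -Value $DenyPaths -Force | Out-Null

# 4. Read the value back and confirm its type and contents.
$key = Get-Item -Path $KeyPath
$key.GetValueKind('DenyPaths')     # MultiString
$key.GetValue('DenyPaths')         # the patterns above, one per line

# 5. Export only this key for distribution. On a machine where the key was created by hand,
#    DenyPaths is the only value in the file, so nothing else needs to be stripped from it.
reg.exe export 'HKLM\SOFTWARE\Stairwell\Inception' "$env:TEMP\Stairwell-DenyPaths.reg" /y
```

Steps 1 and 2 are the part worth keeping even if you prefer to set the value by hand: a pattern that does not compile, or one that denies more than intended, silently removes files from Stairwell's view for every create, modify and rename event, and the only place it would still be noticed is at execution time.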