Command Line Parameters
dirmon /d [path] /s (/i fileA.txt,fileB.txt,..) | (/e fileA.txt,fileB.txt,..) <path>
/s |
Include subdirectories |
/i *.exe,*.sys |
When specified, only lists files that match items in the comma-separated list |
/e *software.log |
When specified, ignores files that match items in the comma-separated list |
|
Both the /i and /e parameters support wildcards (* and ?), but you can only use one at a time. You can specify multiple file names with a comma. You cannot use both /i and /e at the same time. |
Examples
Example 1: Monitor the C:\Windows directory, including subdirectories, but ignore files with the .log extension and files that end in ntuser.dat
dirmon /s /e *.log,*ntuser.dat C:\Windows
10/19/2007 13:37:26: ~MODIFIED : WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
10/19/2007 13:37:26: ~MODIFIED : WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
10/19/2007 13:37:26: ~MODIFIED : WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
10/19/2007 13:37:26: ~MODIFIED : Documents and Settings\All Users\Application Data\Skype\Plugins\_sstore8.dat
10/19/2007 13:37:26: ~MODIFIED : Documents and Settings\All Users\Application Data\Skype\Plugins\_sstore8.dat
7 filtered file transactions not shown.