Performs slow, non-indexed search for files across all endpoints on specified disk drives or all disk drives. Extracts file name, size, creation date and modification date. Includes an option to search removable drives currently attached to endpoints.

Each query filter supports multiple wildcard parameters, separated by commas. For example, you can either specify a set of drives to search (C:\,D;\) or use * to search all drives on the endpoints. Folder Names parameter supports environment variables in the following format: $env:VARNAME (such as you can specify $env:WINDIR,$env:ProgramFiles).

NOTE: This query can take substantial time to execute (sometimes hours) and utilize significant resources (CPU, disk, memory) on the searched endpoints, depending on the scope of search. For this reason, alerts are not supported for this query. It's recommended to schedule it to run overnight or just wait for the results by clicking Refresh (not Run, to avoid re-starting it from scratch) after a while. For faster searches and alerting, please use the indexed version of this query, which is capable of performing much faster and efficient searches on limited search scopes.

