Each query filter supports multiple wildcard parameters, separated by commas. For example, you can either specify a set of drives to search (C:\,D:\) or use * to search all drives on the endpoints. The Folder Names parameter supports environment variables in the following format: $env:VARNAME (for example, you can specify $env:WINDIR,$env:ProgramFiles).
NOTE: This query can take substantial time to execute (sometimes hours) and use significant resources (CPU, disk, memory) on the searched endpoints, depending on the scope of the search. For this reason, alerts are not supported for this query. It is recommended to schedule it to run overnight, or to wait and check for the results after a while by clicking Refresh (not Run, which would restart the query from scratch). For faster searches and alerting, use the indexed version of this query, which performs much faster and more efficient searches on limited search scopes.
Sign up for free Action1 to receive real-time alerts and view instant data from your endpoints, for example to alert on Non-Indexed File Search created, deleted or modified, or to run live or scheduled queries to analyze it.