funkytechmonky
Engaged Sweeper II

I am trying to find a way we can search users' Downloads folders for a specific exe file.

Is it possible to use a wildcard to search C:\Users\*\Downloads? 

I am also trying to search the HKEY_USERS registry, but will need to do a wildcard for this as well, since the subkeys are based on the user's SID.

Any help with this would be much appreciated. 

7 REPLIES 7
Jacob_H
Lansweeper Employee

Can you give me an example of the HKLU key? Is it just the user that has a SID, or does the software reside in its own GUID under that? Here are some keys you should be able to scan (you can scan HKLU keys, which will scan the SID of whatever user is logged on at the time), though it's formatted weird: https://www.malwarebytes.com/blog/detections/pup-optional-wave

Also, if it actually installs under the user profile, versus a complete standalone, the software would show up under software as a profile-based software (it will have the little person avatar), but will disappear if it scans while another user is logged on... so if that applies you could make a 'seen within last 5 minutes' report and email it out on a 5-minute schedule...

Also, you could create a deployment package that does an xcopy wildcard search or something that deploys on machines that were scanned within the past X minutes at a similar schedule, then creates a registry key or txt file if found that you could scan with Lansweeper, or perhaps appends a network share file... just throwing out some ideas that come to mind if you want to do a wildcard search with Lansweeper... or, make a scheduled task with a GPO that executes a search upon user logon that searches for it and makes a file or registry key to then scan with Lansweeper to get info...

You could also make a report of running processes and filter for the .exe seen for assets scanned within the past 5 minutes and have it email you on a 5-minute schedule...

Or you could use AppLocker, I think...

just spitballing 🙂

 

I am testing AppLocker now. This WaveBrowser has been a pain. 

I think this is the key Lansweeper is seeing to show it's installed, and I'm trying to find any other information about it. So far this is everything I have found with the install. I just need a better way to search these areas.

HKEY_USERS\S-1-5-21-USERS_SIDXXXXXXXXX\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser


Here is more info I've found... been trying to figure out how I can search any of these areas

Search in Users "Downloads" folder for the installer.
Wave Browser.exe

Delete Files and Folders located -
c:\Users\USER ID\ "Wavesor Software"
c:\Users\*\AppData\Local\ "WaveBrowser"
c:\Users\*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch "WaveBrowser"
c:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "WaveBrowser"
c:\Users\*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7285d05065a86476

Scheduled Task
Folder: \Wavesor Software{USER SID}
Example Folder: \Wavesor Software_S-1-5-21-XXXXXXXXXXXXXXXX
WavesorSWUpdaterTaskUser
WaveBrowser-StartAtLogin

Change Default App
Default Applications for PDF and .html are set to WaveBrowser

Delete Reg Keys -
HKEY_USERS\USER SID\SOFTWARE\WaveBrowser
HKEY_USERS\USER SID\SOFTWARE\Wavesor
HKEY_USERS\USER SID\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser

Installer log -
c:\Users\USER ID\AppData\Local\Temp "wavebrowser_installer.log"

Oof - OK, I'm not an expert scripter, but you could use GPT to help you make a PowerShell script to do these tasks... I pasted your requisites into it and it gave me PowerShell pieces that can do it. You could scan the appropriate registry keys in Lansweeper, and then make a deployment package to run it against that report (i.e. the ones where the registry keys are found), and then tell the package to rescan after deployment...

 

RolandB
Engaged Sweeper III

For C:\Users\*\Downloads  == %USERPROFILE%\Downloads

Thanks for replying. I have tried that and rescanned a test machine that I know has the file, and it comes back false. The file I am looking for is "Wave Browser.exe", which downloads to the user's "Downloads" folder.

So I put it in like this:

%USERPROFILE%\Downloads\Wave Browser.exe

David_GF
Lansweeper Tech Support

@funkytechmonky The allowed parameters for custom file scanning are: %programfiles%, %programfiles(x86)% and %windir%.
You can use these parameters in your file paths to make Lansweeper search for the Program Files, Program Files (x86) or Windows directory in any drive on your machines. You can find more information on custom file scanning in this article: https://community.lansweeper.com/t5/scanning-your-network/windows-custom-file-scanning/ta-p/64272

 

It is not possible to use wildcards for registry scans, you must submit an exact registry value. For performance reasons, registry scanning only queries specific registry values. Retrieving all values within a key or searching the entire registry for a specific value is not possible.



~~~~~~~ (〃 ̄︶ ̄)人( ̄︶ ̄〃) ~~~~~~~
Sweep that LAN, sweep it!
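
Added example, not part of any reply in this thread and not Lansweeper's own code: a detection-only PowerShell sketch of the "script writes a marker, the scanner reads an exact value" idea raised above, checking the per-user file paths and HKEY_USERS keys listed in the thread. The marker key `HKLM:\SOFTWARE\ExampleOrg\WaveBrowserCheck` and the function name `Find-WaveBrowserArtifact` are hypothetical, and the script is assumed to run elevated (for example as SYSTEM from a deployment package or scheduled task).

```powershell
# Added example: detection only, nothing is deleted.
# Hypothetical marker key; scan its 'Found' value as an exact registry value.
$MarkerKey = 'HKLM:\SOFTWARE\ExampleOrg\WaveBrowserCheck'

function Find-WaveBrowserArtifact {
    param([string]$UsersRoot = 'C:\Users')
    $hits = @()

    # File-system artifacts from the thread, relative to each profile folder.
    $relativePaths = @(
        'Downloads\Wave Browser.exe',
        'Wavesor Software',
        'AppData\Local\WaveBrowser',
        'AppData\Local\Temp\wavebrowser_installer.log'
    )
    $userDirs = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        foreach ($rel in $relativePaths) {
            $path = Join-Path $userDir.FullName $rel
            if (Test-Path -LiteralPath $path) { $hits += $path }
        }
    }

    # Per-user registry keys from the thread. Only hives of loaded profiles
    # (logged-on users) appear under HKEY_USERS; the regex skips *_Classes hives.
    $relativeKeys = @(
        'SOFTWARE\WaveBrowser',
        'SOFTWARE\Wavesor',
        'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaveBrowser'
    )
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($sid in $sids) {
        foreach ($rel in $relativeKeys) {
            $key = "Registry::HKEY_USERS\$($sid.PSChildName)\$rel"
            if (Test-Path -LiteralPath $key) { $hits += $key }
        }
    }
    return $hits
}

# Record the result at a fixed location so no wildcard is needed when scanning.
$found = @(Find-WaveBrowserArtifact)
if (-not (Test-Path -Path $MarkerKey)) { New-Item -Path $MarkerKey -Force | Out-Null }
Set-ItemProperty -Path $MarkerKey -Name 'Found' -Value ([int]($found.Count -gt 0)) -Type DWord
Set-ItemProperty -Path $MarkerKey -Name 'Paths' -Value ($found -join ';') -Type String
Set-ItemProperty -Path $MarkerKey -Name 'LastRun' -Value (Get-Date -Format 'o') -Type String
```

Profiles whose users are not logged on are covered by the file checks only, because their registry hives are not loaded under HKEY_USERS at run time.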
