WQL WMI Query to watch for newly created files

2.2k Views Asked by CodeKingPlusPlus At 20 October 2024 at 12:53

The following query should return a set of files that were created to the G drive in the folder test.

I am having trouble getting the following WMI query to work:

SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE 
TargetInstance ISA 'CIM_DataFile' AND TargetInstance.Drive = 'G:' AND 
TargetInstance.Path = '\\test\\'

The wbemtest utility gives me the following error:

Number: 0x80041017
Facility: WMI
Description: Invalid query

Thanks!

Original Q&A

There are 2 best solutions below

Anonimista On 27 July 2012 at 13:34 BEST ANSWER

There is a space in the event class name, ie. __ InstanceCreationEvent should be __InstanceCreationEvent. Other than that you shouldn't use the LIKE operator in the query because it will force WMI to search your machine for all files that have 'test' as one of their parent directories. Better to use the exact path.

Sandeepjn On 15 January 2013 at 08:41

This is giving you Invalid query error as you are runnign this as a query, but _instancecreationEvent or all subClass of "_InstanceOperationEvent" must be called as NotificationQuery.

Thanks.

WQL WMI Query to watch for newly created files

There are 2 best solutions below

Related Questions in FILE

Related Questions in WMI

Related Questions in WQL

Trending Questions

Popular # Hahtags

Popular Questions