I want to see all the executables run in the user's home directory. I can see that information with the ProcessStart.ExtraneousInfo *C:\Users* but when I try to filter out all of the usual executables that run in that folder it does not seem to filter them.
Example of the rule I created:
Any suggestions on how to get this working?