igor0
5
The mask is matched “as is” - i.e. if the false detection was shown as “%allusersprofile%\bluezone\adpinit.exe”, then it would work. If it’s shown as “C:\ProgramData\bluezone\adpinit.exe”, then it wouldn’t.
c:\windows\winsxs* should work though (if it’s detected this way).