ATP Manager returns error messages when you incorrectly enter a search query. In many cases, these errors are caused by incorrectly formatted query strings. Remember, queries use attribute:value pairs; omitting either term will return an error.
Table: Common Query Errors lists the most common errors and recommendations for the correct formatting.
Table: Common Query Errors
Search request failed: attribute: cannot be parsed because it does not use attribute:value format.
Correct the expressions to one of the following formats:
attribute:/regex/ (regular expression)
-attribute:value (not equals)
-attribute:"value" (not equals)
Search request failed: :value cannot be parsed because it does not use attribute:value format.
"c:\\abc.txt" some_value and or And Or Not not
Search request failed: value cannot be parsed because it does not use attribute:value format.
entity.path:"file\\path" (Where entity is a file, module, or process)
Search request failed: The expression 'file.path:"c\\abc"' is invalid for Data Recorder and EOC search.
file.path must be expressed in one of the following formats:
drive_letter:\\file\\path e.g. c:\\windows\\sytsem32\\*.exe
CSIDL_VARIABLE\\file\\path where CSIDL is any valid CSIDL_* variable.
%windows_env_variable%\\file\\path where %windows_env_variable% is any valid Windows environment variable
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.