How to Filter Out explorer.exe Searches from Netwrix Alerts?

david.archer · December 10, 2025, 3:37am

We are trying to reduce noise from Netwrix Alerts when users perform searches in a monitored folder. These alerts often show: Process: C:\Windows\explorer.exe

However, the files are never actually opened or read by the user (Adobe, Word, Excel, etc.)—only searched via Windows Explorer.
Is there a way to modify the alert filter so that it ignores events where the process is C:\Windows\explorer.exe? We only want alerts for actual file access, not simple searches.
Any guidance or best practices for filtering out these benign events would be greatly appreciated!

RomanP · December 11, 2025, 4:32pm

Hi David,

There are two options available:

Exclude these from collections using omitstoreprocesslist.txt as described in this article: File Servers Monitoring Scope | Netwrix Product Documentation
Filter those in Alerts by using Details Does not contain “Process: C:\Windows\explorer.exe“:

Best Regards,

Roman

Topic		Replies	Views
Adding a wildcard symbol in the filters for the Netwrix Auditor alerts Ideas auditor , new , ideas	0	27	November 14, 2025
"Does not contain" filter in Search Ideas completed , ideas	4	116	October 3, 2025
Reduce false-positives for Content Aware Policies applied to Storage Devices Ideas endpoint-protector , planned , ideas	2	38	December 5, 2025
How to View Workstation Operating System Changes Show & Tell	0	157	February 19, 2025
Change details included in Group Policy alerts Ideas new , ideas	0	16	December 8, 2025

How to Filter Out explorer.exe Searches from Netwrix Alerts?

Related topics