WQL WMI Query to watch for newly created files

The following query should return a set of files that were created to the G drive in the folder test.

I am having trouble getting the following WMI query to work:

SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE 
TargetInstance ISA 'CIM_DataFile' AND TargetInstance.Drive = 'G:' AND 
TargetInstance.Path = '\\test\\'

The wbemtest utility gives me the following error:

Number: 0x80041017
Facility: WMI
Description: Invalid query

Thanks!

Solution

There is a space in the event class name, ie. __ InstanceCreationEvent should be __InstanceCreationEvent. Other than that you shouldn't use the LIKE operator in the query because it will force WMI to search your machine for all files that have 'test' as one of their parent directories. Better to use the exact path.

POST a file string using cURL in PHP?
File is not found in docker
open() gives FileNotFoundError / IOError: '[Errno 2] No such file or directory'
Why does CreateProcessW give a error of 0x2
How to upload an image using Laravel?
Create a File in COBOL
How to append data to file using file_put_contents()?
Connecting 2 java files in visual studio
Register to be default app for custom file type
logger configuration to log to file and print to stdout
Handling multiple byte lengths within a WAV struct
Why does patch not find this file?
How to include asset file in Maui Android
Can I recover a file whose ObjectOutputStream was never closed?
Count files in folder, ignoring hidden files, ignoring nested folders, in Java
Converting an abstract File to String in Java
Django - Create A Zip of Multiple Files and Make It Downloadable
including php file from another server with php
Handling file in a generator function
Analyzing Cache Behavior and Memory Traffic in Large File Reads Using perf stat
Check if an executable exists in the Windows path
Counting the number of files in a directory using Java
Laravel - how to get path name of file
The difference between Absolute path and Path with a root component in Java documentation of Path.resolve()
How do I get the path and name of the python file that is currently executing?
How can I inspect page resources in Firefox?
How to upload file with python requests?
Go func for running external command, occasionally getting error: file already closed
I want to pre-fill an input of type IFormFile
How to copy all files with specific extension and rename them adding the subdirectory names