Ignoring Windows Services in Zabbix Windows Template Low-Level Service Discovery

With Zabbix 5.x, 6.x and 7.x Zabbix has the option to use User Macros in LLD (Low-Level Discovery) rather than to use Global Regular Expressions. To exclude Windows Services from Windows Discovery, you should either edit the Template that will take effect for all hosts with the template or override template settings on a host level. It’s recommended to make changes on the template level and disable items on a host level because if you override a user macro on the host, any subsequent updates to the template macro will not propagate to the hosts that have changed the template macro. Go to your Windows Template and select the macros tab from the template. Locate the following user macros:

Macro	Description	Regular Expression
{$SERVICE.NAME.MATCHES}	Regular Expression to only get selected services as new items. By default it won’t filter any services.	^.*$
{$SERVICE.NAME.NOT_MATCHES}	Services you don’t want to monitor in regex format. Example on the right.	^(?:RemoteRegistry|MMCSS|gupdate|SysmonLog|clr_optimization_v.+|sppsvc|gpsvc|CDPUserSvc_.+|WpnUserService_.+|OneSyncSvc_.+||wuauserv|edgeupdate|cbdhsvc\w+|msiserver|CDPSvc|TrustedInstaller|BITS|OneSyncSvc_\w+|clr_optimization_\w+|)$
{$SERVICE.STARTUPNAME.MATCHES}	Only get items for services that start automatically	^(?:automatic|automatic delayed)$
{$SERVICE.STARTUPNAME.NOT_MATCHES}	Exclude services that are started as manual or disabled	^(?:manual|disabled)$

Change the regex values as needed to exclude services from the discovery. The Discovery rule itself can be found at the LLD tab of the template in question. Go to “Windows Service Discovery” and select “Filters”. You can add additional Macros to the rule, or optionally change the logic of the filter from the default AND to AND/OR or even a custom expression.

Windows template LLD Filter rules

[ORIGINAL POST For Zabbix 4.x and older] The new Zabbix Windows templates include a Low-Level Discovery for Windows Services. The service.discovery LLD creates items based on discovered Windows Services and accompanies triggers to services with Automatic startup. To ignore a set of services, from all Windows clients, you need to modify  the discovery regex. To modify the default regex, open Administration > General > Regular Expressions. Modify the Windows Service names for discovery regex that has a return value of false. Add any services to this in valid regex format to exclude them for the LLD discovery.