Thanks for the quick reply Jacob. While that didnt work for our specific case I do appreciate the response. In the end, and I am usure why TBH, this is whats currently in place and working for us to blacklist files that start with a dot (.)
You have the ^\. part of the regex correct, but \S is matching a single non-whitespace character as seen here. I assume what you are really going for is ^\.\S*, but it would be more accurate to use ^\..* to blacklist every single file that either is a . or starts with one (see that here). The difference is that using \S* would not blacklist files that start with a . but have a space in them.
(Sorry for the bad formatting. Splunk is throwing all kinds of errors when I try to properly format the text)
If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.