Forum Discussion
indicators for URLs not blocking any longer
Hi,
is there a known issue with Indicators for URLs/domains?
we recognised that blocking rules stop working for non-edge browsers and edge browser smart screen needs a refresh of the site in order to block the access.
network protection on the client (1903) is enabled and verified.
Any ideas?
thank you
11 Replies
I just demonstrated this today with a customer on my own and on one of their devices, worked fine with Chrome on Windows 10 1909 and 1903
Do you see any information in the Windows Event log?
network protection Microsoft-Windows-Windows-Defender/Operational 5007 Event when settings are changed 1125 Event when a network connection is audited 1126 Event when a network connection is blocked Alex Verboon Hi, appreciate if you can share to me how it will work with chrome browser? What extension do I need to install? Thanks
jgumba08
The windows network protection service applies to the entire OS. If you tag a domain/url/ip for a block in IoC then this would be blocked for the entire OS and any browser including Chrome so there is no additional add-in.
You will need to ensure that you have network protection turned on which you can read about here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/network-protection
Hi Alex Verboon
thanks for your reply.
in case your indicator works as expected and the block is applied successfully - how does your indicator entry for the related domain/url looks like?
Figured out that indeed a domain name like google.com works pretty fine, but in case you're moving deeper into a URL path, it does not - for instance https://www.youtube.com/?gl=DE&tab=w11
- Efrat Kliger
Microsoft
We are working to support this case as well.
Please read through the following documentation section.
Full URL path blocks can be applied on the domain level and all unencrypted URLs.
