Forum Discussion
indicators for URLs not blocking any longer
Hi Alex Verboon
thanks for your reply.
in case your indicator works as expected and the block is applied successfully - how does your indicator entry for the related domain/url looks like?
Figured out that indeed a domain name like google.com works pretty fine, but in case you're moving deeper into a URL path, it does not - for instance https://www.youtube.com/?gl=DE&tab=w11
MicrosoftWe are working to support this case as well.
Please read through the following documentation section.
Full URL path blocks can be applied on the domain level and all unencrypted URLs.
Efrat Kliger - Hi having the same issue, URL indicators look correct but blocking stopped working in IE/Chrome and only intermittently blocks in Edge. Have raised a support request w/MS. If anyone has insight on root cause would appreciate feedback
Hi Scott,
I assume you're talking about the https related deep links, which are not blocked by CI as "expected" - from my understanding this is currently by design, as mdatp does not act as "man in the middle" breaking up the encrypted channel between the browser and the related webserver. Thus the only way to block https related URLs is to configure the related CI for the domain in general:
working : https://www.google.com
not working: https://www.google.com/whatever-deep-link
Hi,
Simply marked Zoom as unsanctioned in MCAS, worked for ~3 week and the just stopped.
Allowed the integration between MCAS and Defender ATP to automatically create the indicator.
