masa86
Mar 28, 2024

Use of wildcards in suppression rule for MDE

I would like to use a wildcard in an alert suppression rule for MDE. Do you know the detailed behavior?

Suppress an alert and create a new suppression rule 

This page says

  • File SHA1
  • File name - wildcard supported
  • Folder path - wildcard supported
  • IP address
  • URL - wildcard supported
  • Command line - wildcard supported

In Folder path, how would it work if I configure the following?

c:\windows

-> c:\windows folder only?

c:\windows*

-> ?

c:\windows\

-> c:\windows folder only?

c:\windows\*

-> c:\windows and all files under the c:\windows\ folder?

There is a detailed description of MDAV, but not of MDE.

Configure and validate exclusions based on file extension and folder location 
The description of MDAV is for Intune and Group Policy use, and may differ from the settings in the MDE Management Console.

Regards
