masa86
Mar 28, 2024 (Copper Contributor)
Use of wildcards in suppression rule for MDE
I would like to use a wildcard in an alert suppression rule for MDE. Do you know the detailed behavior?
The page "Suppress an alert and create a new suppression rule" says:
- File SHA1
- File name - wildcard supported
- Folder path - wildcard supported
- IP address
- URL - wildcard supported
- Command line - wildcard supported
In Folder path, how would it work if I configure the following?
c:\windows
-> c:\windows folder only?
c:\windows*
-> ?
c:\windows\
-> c:\windows folder only?
c:\windows\*
-> c:\windows and all files under the c:\windows\ folder?
There is a detailed description of MDAV, but not of MDE:
"Configure and validate exclusions based on file extension and folder location"
The description of MDAV is for Intune and Group Policy use, and may differ from the settings in the MDE Management Console.
Regards