Custom Indicators

Occasional Contributor

We use the custom indicators to block our users from visiting certain domains. Can you use wildcards or regex in these indicators?

2 Replies
No - I have added a request to the MSFT Docs team to make the documentation more clear since it does not explicitly state this, but when you try to enter *.site.com it won't let you proceed to the next page so it appears subdomain wildcards are not supported. The full path blocking like http://site.com/folder/* does appear to be accepted by the wizard but the documentation does not make it clear if it interprets the wildcard. I recommend testing this yourself (note: it takes up to 2 hours before the setting takes effect). https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/indicator...

@Joe Stocker Thank you for your response! Yes, I hope they update their documentation.