From c18f5cf4561192d2a33c43cd7d80b777fb05ed64 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 30 Dec 2020 21:19:53 +0500 Subject: [PATCH 1/5] Update indicator-ip-domain.md --- .../microsoft-defender-atp/indicator-ip-domain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 800f2e0f16..8578ea6865 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -53,8 +53,8 @@ It's important to understand the following prerequisites prior to creating indic > NOTE: >- IP is supported for all three protocols >- Only single IP addresses are supported (no CIDR blocks or IP ranges) ->- Encrypted URLs (full path) can only be blocked on first party browsers ->- Encrypted URLS (FQDN only) can be blocked outside of first party browsers +>- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) +>- Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) >- Full URL path blocks can be applied on the domain level and all unencrypted URLs >[!NOTE] From f9ff878940fae57246d447f84a483b302e7633dd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Dec 2020 09:29:20 -0800 Subject: [PATCH 2/5] Update windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/indicator-ip-domain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 8578ea6865..b32d4960f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -51,8 +51,8 @@ It's important to understand the following prerequisites prior to creating indic > Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. > For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
> NOTE: ->- IP is supported for all three protocols ->- Only single IP addresses are supported (no CIDR blocks or IP ranges) +> - IP is supported for all three protocols +> - Only single IP addresses are supported (no CIDR blocks or IP ranges) >- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) >- Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) >- Full URL path blocks can be applied on the domain level and all unencrypted URLs From ed4e39ec8c49bdd5bc239c8ca110891deea03fd1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Dec 2020 09:29:39 -0800 Subject: [PATCH 3/5] Update windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/indicator-ip-domain.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index b32d4960f4..f859c87358 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -53,9 +53,9 @@ It's important to understand the following prerequisites prior to creating indic > NOTE: > - IP is supported for all three protocols > - Only single IP addresses are supported (no CIDR blocks or IP ranges) ->- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) ->- Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) ->- Full URL path blocks can be applied on the domain level and all unencrypted URLs +> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge) +> - Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) +> - Full URL path blocks can be applied on the domain level and all unencrypted URLs >[!NOTE] >There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. From 450a5f715b91452bac1d738c28e54fe866a36778 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Dec 2020 09:29:45 -0800 Subject: [PATCH 4/5] Update windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/indicator-ip-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index f859c87358..bda2d79c6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -57,7 +57,7 @@ It's important to understand the following prerequisites prior to creating indic > - Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge) > - Full URL path blocks can be applied on the domain level and all unencrypted URLs ->[!NOTE] +> [!NOTE] >There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. ### Create an indicator for IPs, URLs, or domains from the settings page From 14708380b48e7428b4e49b4d11e79d692d4180fa Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 1 Jan 2021 13:21:58 +0500 Subject: [PATCH 5/5] Update windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/indicator-ip-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index bda2d79c6e..3ed8df33d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -58,7 +58,7 @@ It's important to understand the following prerequisites prior to creating indic > - Full URL path blocks can be applied on the domain level and all unencrypted URLs > [!NOTE] ->There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. +> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked. ### Create an indicator for IPs, URLs, or domains from the settings page