defender-endpoint/indicator-ip-domain.md
Lines changed: 8 additions & 5 deletions
@@ -65,15 +65,15 @@ It's important to understand the following prerequisites prior to creating indic
65
65
66
66
### Microsoft Defender Antivirus version requirements
67
67
68
-
This feature is available if your organization uses [Microsoft Defender Antivirus](/defender-endpoint/microsoft-defender-antivirus-windows). Microsoft Defender Antivirus must be in active mode for non-Microsoft browsers. With Microsoft browsers, like Edge, this feature works whether Microsoft Defender Antivirus is in active or passive mode).
68
+
- Your organization uses [Microsoft Defender Antivirus](/defender-endpoint/microsoft-defender-antivirus-windows). Microsoft Defender Antivirus must be in active mode for non-Microsoft browsers. With Microsoft browsers, like Edge, Microsoft Defender Antivirus can be in active or passive mode.
69
69
70
-
[Behavior Monitoring](/defender-endpoint/behavior-monitor) is enabled
70
+
-[Behavior Monitoring](/defender-endpoint/behavior-monitor) is enabled.
71
71
72
-
[Cloud-based protection](/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus) is turned on.
72
+
-[Cloud-based protection](/windows/security/threat-protection/microsoft-defender-antivirus/deploy-manage-report-microsoft-defender-antivirus) is turned on.
73
73
74
-
[Cloud Protection network connectivity](/defender-endpoint/configure-network-connections-microsoft-defender-antivirus) is functional
74
+
-[Cloud Protection network connectivity](/defender-endpoint/configure-network-connections-microsoft-defender-antivirus) is turned on.
75
75
76
-
The antimalware client version must be `4.18.1906.x` or later. See [Monthly platform and engine versions](/defender-endpoint/microsoft-defender-antivirus-updates).
76
+
-The antimalware client version must be `4.18.1906.x` or later. See [Monthly platform and engine versions](/defender-endpoint/microsoft-defender-antivirus-updates).
77
77
78
78
### Network Protection requirements
79
79
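Review bot: Four of the five added bullets (`-[Behavior Monitoring]`, `-[Cloud-based protection]`, `-[Cloud Protection network connectivity]` and `-The antimalware client version`) have no space after the hyphen as shown here, so Markdown renders them as paragraphs starting with a literal hyphen rather than as list items; only `- Your organization uses` is a valid bullet. Add the space so all five prerequisites render as one list. Separately, the connectivity item changes "is functional" to "is turned on", which shifts the meaning: connectivity to the cloud protection service is something that works or fails, not a setting to enable, so the original wording (with the missing period added) is the more accurate prerequisite. The first bullet also drops the "This feature is available if" lead-in, leaving the list without an introductory sentence; a short one such as "The following prerequisites apply:" would restore it.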
@@ -142,7 +142,9 @@ Policy conflict handling for domains/URLs/IP addresses differ from policy confli
142
142
In the case where multiple different action types are set on the same indicator (for example, **block**, **warn**, and **allow**, action types set for Microsoft.com), the order those action types would take effect is:
143
143
144
144
1. Allow
145
+
145
146
2. Warn
147
+
146
148
3. Block
147
149
148
150
"Allow" overrides "warn," which overrides "block", as follows: `Allow` > `Warn` > `Block`. Therefore, in the previous example, `Microsoft.com` would be allowed.
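Review bot: The blank lines added after `1. Allow` and `2. Warn` turn this three-item list into a loose list, while the prerequisites list edited earlier in the same commit is written tight with no blank lines between items. Pick one spacing convention for the file; for single-word items like these the tight form is easier to read in source and renders the same order.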
@@ -175,6 +177,7 @@ The result is that categories 1-4 are all blocked. This is illustrated in the fo
175
177
3. Select **Add item**.
176
178
177
179
4. Specify the following details:
180
+
178
181
- Indicator - Specify the entity details and define the expiration of the indicator.
179
182
- Action - Specify the action to be taken and provide a description.
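Review bot: With the blank line added after `4. Specify the following details:`, the `- Indicator` and `- Action` bullets must stay indented to the content column of step 4, otherwise Markdown closes the numbered list and renders them as a separate top-level list, and any following step restarts its numbering. Confirm the indentation in the rich diff before merging.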