This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 25%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
I was reading through security news and came across this article https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-pushes-darkgate-malware-via-group-chats/ There is a known file type of .pdf.msi that we as a company are wanting to block. We would want to add a wildcard in front of that extension to block anything under that file name. Can someone help me as to how I would do this in Defender?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
@Rubida, Kody
Thank you for posting this in Microsoft Q&A.
I am looking into this issue and will get back to you post my research.
Any update on this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Hi @Rubida, Kody, Was the below answer helpful?
Hi @Rubida, Kody Unfortunately, Microsoft Defender doesn't currently support blocking by file extension or wildcard. Custom indicators work with hashes (SHA-1, SHA-256, or MD5). You can use PowerShell to get the file hash
Get-FileHash C:\path\to\file.iso
Then Navigate to https://security.microsoft.com/ > Settings > Endpoints > Indicators and set it up as an Indicator. Here is a link https://video2.skills-academy.com/en-us/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-worldwide