Hi @Rubida, Kody Unfortunately, Microsoft Defender doesn't currently support blocking by file extension or wildcard. Custom indicators work with hashes (SHA-1, SHA-256, or MD5). You can use PowerShell to get the file hash
Get-FileHash C:\path\to\file.iso
Then Navigate to https://security.microsoft.com/ > Settings > Endpoints > Indicators and set it up as an Indicator. Here is a link https://video2.skills-academy.com/en-us/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-worldwide