The following table provides the supported Whitelist policy and Blacklist policy match values for IP addresses, domains, and URLs for Symantec Advanced Threat Protection (ATP).
Domain or URL
You can use special characters, such as international characters.
You can use full or partial domain names.
ATP looks for the most specific match when you have both Blacklist and Whitelist policies with similar domain names. For example, you can blacklist news.google.com and whitelist google.com.
You can use both the IPv4 and IPv6 protocols.
ATP looks for the most specific match when you have both Blacklist and Whitelist policies with similar IP addresses. For example, you can blacklist an IP address that falls within a whitelisted IP subnet.
Unspecified addresses, zero subnet masks, and zero CIDR bit length and prefixes are not allowed.
You can use dot-decimal notation for IPv4.
You can eliminate leading zeros. For example, you can represent 010.010.010.010 as 10.10.10.10.
You can use IPv4-compatible addresses for IPv6.
Where w.x.y.z is an IPv4 public address assigned to an interface on the computer.
You can use colon-eliminated hex notation for IPv6.
For example, you can represent FF01:0:0:0:0:0:0:101 as FF01::101.