• Users are being blocked from using leading wildcard queries in the Console

• EDR Server: 6.2.3 and Higher
• Queries that use leading wildcards (*)

According to the EDR User Guide, "The use of leading wildcards in a query is not recommended unless absolutely necessary, and is blocked by default."

To block or allow high-impact process searches:

1. Log in to the EDR console as a Global Administrator (for on-premises installations) or an Administrator (for Hosted EDR).
2. In the main console menu, choose <username> > Settings.
3. In the left menu on the Settings page, choose Advanced Settings.
4. Check (or uncheck) the box for the search type you want to block (or unblock).
5. Click the Save changes button in the lower right corner of the page.

• EDR Global Admin can now block interactive process searches containing leading wildcards or binary metadata in the console. These settings are enabled by default. 
• Additionally, the settings may be set in cb.conf. If set in cb.conf, the UI settings are forced to a specific value, grayed out and are not configurable.
• This feature only applies to interactive searches in the console. Searches executed via the API, existing watchlists or feeds will not be impacted by these settings
• For all the Unified View Users  this does not apply to Unified view either as Unified View uses the API's on the individual Clusters to query the cluster.