Understood, but still the translated/"converted to" RegExp would be much more simpler than the complex ones that they address in SK's.
Like you confirmed RegExp would be still used for matches, as it's easiest way to match URL's .
In order to prevent some of those unwanted matches, we could writhe *.mydomain.com as *.mydomain.com/ ????
That would cut some of the unwanted matches....
We're not using too many Custom Applications as we preferred to start using the FQDN objects. Still not perfect according to others, but for us is quite OK 🙂 .
Maybe there could be written an script or smth that could emulate the load that the system will get when using an complex RegExp compared with simple one... or like @abihsot__ requires, a clearer document/guide.
PS: I remember reading in the past (and few minutes ago) about "Application Control Signature Tool", but I never went using it.