Virtual Analyzer Suspicious Objects

Suspicious objects are known or potentially malicious IP addresses, domains, URLs, and SHA-1 values found by Deep Discovery Inspector Virtual Analyzer during sample analysis. Virtual Analyzer tracks and analyzes samples submitted by users or other Trend Micro products. It works in conjunction with Threat Connect, the Trend Micro service that correlates suspicious objects detected in your environment with threat data from the Smart Protection Network.

The following columns show information about objects added to the suspicious objects list:

Table 1. Suspicious Objects Columns

| Column Name | Information |
| --- | --- |
| Virtual Analyzer Feedback Entity | The rule description or malware name |
| Severity | Severity rating descriptions: High: Known malicious or involved in high-severity connections; Medium: IP address/domain/URL is unknown to reputation service; Low: Reputation service indicates previous compromise or spam involvement; Informational: An object that is most likely benign |
| Type | Suspicious object type: IP address, domain, URL, or SHA-1 |
| Expiration | Date and time Virtual Analyzer will remove the object from the Suspicious Objects tab |