Preemptive Protection Against Suspicious Objects

Control Manager provides different ways to protect against suspicious objects not yet identified within your network. Use the User-Defined Suspicious Objects list or import Indicators of Compromise (IOCs) to take proactive actions on suspicious threats identified by external sources.

| Feature | Description |
|---|---|
| User-Defined Suspicious Objects list | The User-Defined Suspicious Objects list allows you to define suspicious file, IP address, URL, and domain objects that your registered Virtual Analyzer has not yet detected on your network. Supported managed products that subscribe to the Suspicious Object lists can take action on the objects found in the list to prevent the spread of unknown threats. Related topics: Adding Objects to the User-Defined Suspicious Object List; Suspicious Object Scan Actions |
| Indicators of Compromise | Import IOC files to perform an in-depth historical analysis on endpoints on your network to determine if a threat has already affected your environment. Performing an impact assessment on IOCs requires detailed log information regarding the behavior of the endpoint over time. Only endpoints with Endpoint Sensor 1.5 (or later) installed collect the necessary log information required to perform this type of detailed analysis. Through integration with OfficeScan 11.0 SP1 (or later) agents, you can isolate affected endpoints to prevent the further spread of the threats identified on endpoints. Related topics: Assessing Impact and Responding to IOCs |