Suspicious Object Lists

Control Manager consolidates Virtual Analyzer Suspicious Objects lists and synchronizes all Suspicious Object lists among many managed products. The way each managed product implements the lists depends on how the product implements the feature. Refer to your managed product Administrator's Guide for more information about how the product uses and synchronizes the Suspicious Object lists.

Note:

Administrators can configure specific scan actions on Suspicious Objects using the Control Manager console. You can then configure certain managed products to perform actions based on the Suspicious Objects list settings.

For more information, see Suspicious Object Scan Actions.

List Type

Description

Virtual Analyzer Suspicious Objects

Managed products that integrate with a Virtual Analyzer submit suspicious files or URLs to Virtual Analyzer for analysis. If Virtual Analyzer determines that an object is a possible threat, Virtual Analyzer adds the object to the Suspicious Object list. Virtual Analyzer then sends the list to its registered Control Manager server for consolidation and synchronization purposes.

On the Control Manager console, go to the Administration > Suspicious Objects > Virtual Analyzer Objects > Objects tab to view the Virtual Analyzer Suspicious Objects list.

Exceptions to Virtual Analyzer Suspicious Objects

From the list of Virtual Analyzer suspicious objects, Control Manager administrators can select objects that are considered safe and then add them to an exception list.

On the Control Manager console, go to the Administration > Suspicious Objects > Virtual Analyzer Objects > Exceptions tab to view the Virtual Analyzer Suspicious Object Exceptions.

Control Manager sends the exception list to the Virtual Analyzers that subscribe to the list. When a Virtual Analyzer detects a suspicious object that is in the exception list, the Virtual Analyzer considers the object as "safe" and does not analyze the object again.

For more information, see Adding Exceptions to the Virtual Analyzer Suspicious Object List.

User-Defined Suspicious Objects

Control Manager administrators can add objects they consider suspicious but are not currently in the list of Virtual Analyzer suspicious objects by going to Administration > Suspicious Objects > User-Defined Objects.

For more information, see Preemptive Protection Against Suspicious Objects.