Adding Exceptions to the Virtual Analyzer Suspicious Object List

Control Manager allows you to exclude objects from the Virtual Analyzer Suspicious Object list based on the file SHA-1, domain, IP address, or URL.

Important:

The User-Defined Suspicious Object list has a higher priority than the Virtual Analyzer Suspicious Object list.

  1. Go to Administration > Suspicious Objects > Virtual Analyzer Objects.

    The Virtual Analyzer Suspicious Objects screen appears.

  2. Click the Exceptions tab.
  3. Click Add.
  4. Specify the Type of object.
    • File SHA-1: Specify the SHA-1 hash value for the file.

    • IP address: Specify the IP address.

    • URL: Specify the URL.

    • Domain: Specify the domain.

      Control Manager allows you to use a wildcard character (*) to exclude specific subdomains or subdirectories from the Virtual Analyzer Suspicious Object list.

      Example

      Description

      https://*.domain.com/

      Excludes all subdomains of the domain "domain.com" from the Virtual Analyzer Suspicious Object list

      *.abc.domain.com

      Excludes all subdomains of the subdomain "abc" from the Virtual Analyzer Suspicious Object list

      https://*.domain.com/abc/*

      Excludes all subdomains of the domain "domain.com" and subdirectories of the subdirectory "abc" from the Virtual Analyzer Suspicious Object list

  5. (Optional) Specify a Note to assist in identifying the suspicious object.
  6. Click Add.

    The object appears in the Virtual Analyzer Exception list. Managed products that subscribe to the suspicious objects lists receive the new object information during the next synchronization.