Suspicious Object Scan Actions

Using the Control Manager console, administrators can configure scan actions that certain managed products take after detecting specific suspicious objects in the Virtual Analyzer Suspicious Objects list or the User-Defined Suspicious Objects list.

Table 1. Scan Action Product Support

Product: OfficeScan XG SP1 (or later)

Virtual Analyzer List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • IP address: Log, Block
  • URL: Log, Block
  • Domain: Log, Block

User-Defined List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • IP address: Log, Block
  • URL: Log, Block
  • Domain: Log, Block

Product: Deep Security 10.0 (or later)

Virtual Analyzer List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • URL: Log, Block

User-Defined List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • URL: Log, Block

Products:

  • Deep Discovery Inspector 5.0 (or later)
  • Deep Discovery Email Inspector 3.0 (or later)

Virtual Analyzer List: Synchronizes the following suspicious object types:

  • File: No scan actions performed
  • IP address: No scan actions performed
  • URL: No scan actions performed
  • Domain: No scan actions performed

User-Defined List: Synchronizes the following suspicious object types:

  • File: No scan actions performed
  • IP address: No scan actions performed
  • URL: No scan actions performed
  • Domain: No scan actions performed

Product: InterScan Messaging Security Virtual Appliance 9.1 (or later)

Virtual Analyzer List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine

User-Defined List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • File SHA-1: Log, Block, Quarantine

Product: InterScan Web Security Virtual Appliance 6.5 Patch 2 (or later)

Virtual Analyzer List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • File SHA-1: Log, Block, Quarantine
  • IP address: Log, Block
  • URL: Log, Block
  • Domain: Log, Block

User-Defined List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • File SHA-1: Log, Block, Quarantine
  • IP address: Log, Block
  • URL: Log, Block
  • Domain: Log, Block

Product: Trend Micro Endpoint Application Control 2.0 SP1 Patch 1 (or later)

Virtual Analyzer List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine

User-Defined List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • File SHA-1: Log, Block, Quarantine

Product: Cloud App Security 5.0 (or later)

Virtual Analyzer List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • URL: Log, Block

User-Defined List: Performs actions against the following suspicious object types:

  • File: Log, Block, Quarantine
  • URL: Log, Block

Products:

  • Smart Protection Server 3.0 Patch 1 (or later)
  • OfficeScan 11.0 SP1 (or later) integrated Smart Protection Server
  • Trend Micro products that send Web Reputation queries to a supported Smart Protection Server

Virtual Analyzer List: Managed products perform actions against the following suspicious object types during Web Reputation queries:

  • URL: Log, Block

User-Defined List: Managed products perform actions against the following suspicious object types during Web Reputation queries:

  • URL: Log, Block

Important:

Smart Protection Server classifies all URLs in the User-Defined Suspicious Objects list as "High" risk.

Note:

Only certain managed products can directly perform the actions configured in Control Manager on suspicious URL objects. Other managed products take action on suspicious URL objects based on the product's configured Web Reputation settings.

Logs that display on the managed products may not contain information related to suspicious object detections. Control Manager interprets logs sent from the managed product and displays the suspicious object detection on the Control Manager console.