Viewing the Handling Process

The Handling Process screen provides an overview of the life cycle of a suspicious object in your environment and the current effect of the suspicious object on your users or endpoints.

Required Products

  • Control Manager 7.0 (or later)

  • Deep Discovery Inspector 3.8 (or later) or Deep Discovery Analyzer 5.1 (or later)

  • At least one optional product is required to view Impact Assessment and Mitigation data

Optional Products

  • Trend Micro products managed by Control Manager

  • Endpoint Sensor 1.5 (or later)

    Important:
    • Endpoint Sensor 1.5 only provides information related to the File and IP address suspicious object types.

    • Endpoint Sensor 1.6 (or later) provides information related to the File, IP address, and Domain suspicious object types.

  1. On the Control Manager console, go to Administration > Suspicious Objects > Virtual Analyzer Objects.
  2. Click the View link in the Handling Process column of the table for a specific suspicious object.

    The Handling Process screen appears.

  3. Click any of the following tabs to view more information about the suspicious object.

    • Sample Submission: Displays information related to the first and latest analysis of the suspicious object

      Control Manager integrates with the following products, which use a Virtual Analyzer to analyze suspicious objects submitted by other managed products:

        • Deep Discovery Analyzer 5.1 (or later)

        • Deep Discovery Endpoint Inspector 3.0 (or later)

        • Deep Discovery Inspector 3.8 (or later)

    • Analysis: Displays the Virtual Analyzer analysis of the submitted object

      Virtual Analyzer determines the risk level of suspicious objects based on their potential to expose systems to danger or loss. Supported objects include files (SHA-1 hash values), IP addresses, domains, and URLs.

    • Distribution: Displays all products that synchronized the Suspicious Object list and the last synchronization time

      Control Manager consolidates Virtual Analyzer and user-defined suspicious object lists (excluding exceptions) and synchronizes the lists with integrated managed products.

    • Impact Assessment & Mitigation: Displays all endpoints and users affected by the suspicious object

        • For File detections, the Latest Action Result column displays the last action result reported from managed products.

        • For all other detection types, the Latest Action Result column displays "N/A".

      Click the Suspicious Activities link to further investigate how the object affected the user or endpoint.