Using the Suspicious Object List Exporter (SuspiciousObjectExporter.exe)

Use the Suspicious Object List Exporter tool (SuspiciousObjectExporter.exe) to export Control Manager Suspicious Object lists in multiple file formats. By default, the Suspicious Object List Exporter tool exports suspicious object data in XML format.

For details on how to change the output file format, see Modifying the Configuration File.

Important:

The Suspicious Object List Exporter tool requires Control Manager 7.0 (or later).

To download the latest installation package, see http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=4202&lang_loc=1.

  1. Open a command prompt on the Control Manager server.
  2. Use the following command to change to the directory that contains the SuspiciousObjectExporter.exe file:

    cd <Control Manager installation directory>\SOTools

  3. Execute SuspiciousObjectExporter.exe using the following command:

    SuspiciousObjectExporter.exe [/s <Start ID> /e <End ID>] [/f <y | n>] [/d]

    Note:

    Running SuspiciousObjectExporter.exe without any parameters displays usage details and prompts you to provide <Start ID> and <End ID> values.

    Parameter: /s <Start ID>

    Description: Indicates the ID of the first object to export

    Note:
    • Requires that you specify the /e <End ID> value
    • Specifying a value of 0 indicates the start of the list

    Examples:
    • SuspiciousObjectExporter.exe /s 0 /e 0

      Exports all suspicious objects and locks the command line interface during the export process

    • SuspiciousObjectExporter.exe /s 3 /e 8

      Exports suspicious objects starting from ID 3 to ID 8 and locks the command line interface during the export process

    • SuspiciousObjectExporter.exe /s 0 /e 4

      Exports suspicious objects starting from the beginning of the list to ID 4 and locks the command line interface during the export process

    Parameter: /e <End ID>

    Description: Indicates the ID of the last object to export

    Note:
    • Requires that you specify the /s <Start ID> value
    • Specifying a value of 0 indicates the end of the list

    Examples:
    • SuspiciousObjectExporter.exe /s 0 /e 0

      Exports all suspicious objects and locks the command line interface during the export process

    • SuspiciousObjectExporter.exe /s 3 /e 8

      Exports suspicious objects starting from ID 3 to ID 8 and locks the command line interface during the export process

    • SuspiciousObjectExporter.exe /s 4 /e 0

      Exports suspicious objects starting from ID 4 to the end of the list and locks the command line interface during the export process

    Parameter: /f <y | n>

    Description: Specifies whether to lock the command line interface during the export process

    Note:

    Optional parameter; if not specified, the default is "yes"

    Important:

    You must specify the following parameter in the Add arguments (optional) field when scheduling automatic exports using the SuspiciousObjectExporter.exe tool, a PowerShell script, or a batch script in Windows Task Scheduler:

    /f n

    Examples:
    • SuspiciousObjectExporter.exe /f y

      Exports all suspicious objects and locks the command line interface during the export process

    • SuspiciousObjectExporter.exe /s 0 /e 0 /f y

      Exports all suspicious objects and locks the command line interface during the export process

    • SuspiciousObjectExporter.exe /f n

      Exports all suspicious objects and does not lock the command line interface during the export process

    Parameter: /d

    Description: Enables debug mode

    Note:

    Optional parameter normally used by Support to identify errors

    Example:
    • SuspiciousObjectExporter.exe /d

      Exports all suspicious objects with additional debugging logs

  4. To view the exported Suspicious Object list, go to the <current directory>\SOTools\ directory and open the SuspiciousObjectList.xml file.
    Note:

    If you followed this procedure, the <current directory> is the <Control Manager installation directory>.

  5. To view all export logs, go to the <current directory>\SOTools\ directory and open the ExportRecord.txt file.
    Note:

    If you followed this procedure, the <current directory> is the <Control Manager installation directory>.
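
The scheduled-export case from the /f note, as an added example that is not part of the original documentation and is not Trend Micro code: a PowerShell wrapper that always passes /s, /e and /f n, then waits for a refreshed, well-formed SuspiciousObjectList.xml before reporting its hash. The script parameters, the timeout, the start/end sanity check and the polling step are assumptions, and the script expects the default XML output format.

```powershell
# Added example, not vendor code: unattended export wrapper for Task Scheduler.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallDir,          # the <Control Manager installation directory>
    [int]$StartId = 0,            # 0 = start of the list
    [int]$EndId = 0,              # 0 = end of the list
    [int]$TimeoutSeconds = 300    # hypothetical limit for waiting on the output
)
$ErrorActionPreference = 'Stop'
$toolDir = Join-Path $InstallDir 'SOTools'
$exe     = Join-Path $toolDir 'SuspiciousObjectExporter.exe'
$xmlPath = Join-Path $toolDir 'SuspiciousObjectList.xml'   # default XML output
$logPath = Join-Path $toolDir 'ExportRecord.txt'

if ($StartId -lt 0 -or $EndId -lt 0) { throw 'Start ID and End ID must be 0 or greater.' }
if ($EndId -ne 0 -and $StartId -gt $EndId) { throw 'Start ID is greater than End ID.' }
if (-not (Test-Path -LiteralPath $exe)) { throw "Exporter not found: $exe" }

# Record the previous export's timestamp so a stale file is not taken for a new one.
$before = [datetime]::MinValue
if (Test-Path -LiteralPath $xmlPath) { $before = (Get-Item -LiteralPath $xmlPath).LastWriteTimeUtc }

# Passing /s and /e together avoids the interactive prompt; /f n is required for scheduled runs.
Push-Location -LiteralPath $toolDir
try { & $exe /s $StartId /e $EndId /f n } finally { Pop-Location }

# Assumption: the page does not say whether the tool returns before the export
# finishes when /f n is used, so poll until the file is refreshed and parses.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
$ok = $false
while (-not $ok -and (Get-Date) -lt $deadline) {
    if ((Test-Path -LiteralPath $xmlPath) -and
        (Get-Item -LiteralPath $xmlPath).LastWriteTimeUtc -gt $before) {
        try {
            $r = [System.Xml.XmlReader]::Create($xmlPath)   # DTDs prohibited by default
            try { while ($r.Read()) { }; $ok = $true } finally { $r.Dispose() }
        } catch { }   # file may still be mid-write; try again
    }
    if (-not $ok) { Start-Sleep -Seconds 2 }
}
if (-not $ok) { throw "No fresh, well-formed $xmlPath within $TimeoutSeconds s; check $logPath" }

# Emit a record that the scheduled job can log or ship alongside the export.
[pscustomobject]@{
    Path       = $xmlPath
    SHA256     = (Get-FileHash -LiteralPath $xmlPath -Algorithm SHA256).Hash
    ExportedAt = (Get-Item -LiteralPath $xmlPath).LastWriteTimeUtc
    LogTail    = @(Get-Content -LiteralPath $logPath -Tail 5 -ErrorAction SilentlyContinue)
}
```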